The attached patch updates the (unused) amavisd policy to work with the changes in the FC strict/1.23.10-2 policy. It also fixes the access needed by tmpreaper to delete files from the caught spam/virus directory. David
Index: domains/program/unused/amavis.te
===================================================================
RCS file: /home/cvs/starfury/etc/selinux/strict/src/policy/domains/program/unused/amavis.te,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 amavis.te
--- domains/program/unused/amavis.te 6 Apr 2005 22:35:54 -0000 1.1.1.2
+++ domains/program/unused/amavis.te 13 Apr 2005 14:28:28 -0000
@@ -23,6 +23,7 @@
 daemon_domain(amavisd)
 tmp_domain(amavisd)
+allow initrc_t amavisd_etc_t:file read;
 allow initrc_t amavisd_lib_t:dir { search read write rmdir remove_name unlink };
 allow initrc_t amavisd_lib_t:file unlink;
 allow initrc_t amavisd_var_run_t:dir setattr;
@@ -34,11 +35,12 @@
 # networking
 can_network_server_tcp(amavisd_t, amavisd_recv_port_t)
-allow amavisd_t port_type:tcp_socket name_connect;
 allow amavisd_t amavisd_recv_port_t:tcp_socket name_bind;
+allow mta_delivery_agent amavisd_recv_port_t:tcp_socket name_connect;
 # The next line doesn't work right so drop the port specification.
 #can_network_client_tcp(amavisd_t, amavisd_send_port_t)
 can_network_client_tcp(amavisd_t)
+allow amavisd_t amavisd_send_port_t:tcp_socket name_connect;
 can_resolve(amavisd_t);
 can_ypbind(amavisd_t);
 can_tcp_connect(mail_server_sender, amavisd_t);
@@ -120,6 +122,6 @@
 # Tmp reaper
 ifdef(`tmpreaper.te', `
-allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr unlink };
-allow tmpreaper_t amavisd_quarantine_t:file getattr;
+allow tmpreaper_t amavisd_quarantine_t:dir create_dir_perms;
+allow tmpreaper_t amavisd_quarantine_t:file link_file_perms;
 ')
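Review bot: In the `@@ -34,11 +35,12 @@` hunk the new `allow mta_delivery_agent amavisd_recv_port_t:tcp_socket name_connect;` grants the port connection to a different attribute than the existing `can_tcp_connect(mail_server_sender, amavisd_t);` a few lines below, so the domains allowed to name_connect to the amavisd port and the domains allowed to complete the TCP connection may not be the same set. Whichever attribute marks the MTA process that actually hands mail to amavisd should be used in both rules, or a comment should record why they differ. Replacing the `port_type` wildcard with `amavisd_send_port_t` is the tighter rule, but the comment above `can_network_client_tcp(amavisd_t)` still only says the port specification was dropped; it should state that name_connect alone is port-restricted, assuming the port-less macro still permits traffic to any port type, which is not visible in this hunk.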
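Review bot: In the `@@ -120,6 +122,6 @@` hunk, `create_dir_perms` and `link_file_perms` give tmpreaper_t more than deletion needs on the quarantine that holds caught spam and viruses: the directory macro also carries create, add_name, rename and reparent, and the file macro carries link and rename (per the usual strict-policy macro definitions; confirm against the macros file in this tree). Removing expired entries only needs write and remove_name on the directory plus unlink on the files, e.g. `allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr write remove_name };` and `allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };`. Add `rmdir` to the directory rule only if the quarantine has subdirectories that tmpreaper is expected to prune.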