On Tuesday 22 March 2005 12:23, David Hampton <hampton-rh@xxxxxxxxxxxxxxxxxxx>
wrote:
> This is a new strict policy for the pyzor spam filter. It is based on
> the selinux-policy-strict-sources-1.23.2-1 fedora RPM. This policy
> requires the definition of a pyzor reserved port that was in the
> net_contexts diff I sent last Wednesday. Please let me know if there
> are any problems with or changes needed to this policy.
Attached a patch to allow it to work from console logins.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--- pyzor_macros.te.old 2005-04-22 01:06:30.000000000 +1000
+++ pyzor_macros.te 2005-04-22 01:07:38.000000000 +1000
@@ -63,6 +63,6 @@
# Allow pyzor to be run by hand. Needed by any action other than
# invocation from a spam filter.
-allow $1_pyzor_t $1_devpts_t:chr_file rw_file_perms;
-allow $1_pyzor_t sshd_t:fd use;
+allow $1_pyzor_t { $1_devpts_t $1_tty_device_t }:chr_file rw_file_perms;
+allow $1_pyzor_t privfd:fd use;
')
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
