On Thursday 17 March 2005 00:18, David Hampton <hampton-rh@xxxxxxxxxxxxxxxxxxx> wrote:
> I've added support to the (unused) amavis policy to allow interaction
> with additional mail filters, and added a new type specifically for
> quarantined spam and viruses. I also tweaked the network access to
> limit ports that can be used by amavisd. I'd appreciate any feedback on
> these changes or tips on how to write better policies. Thanks.

+# Tmp reaper
+ifdef(`tmpreaper.te', `
+allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr unlink };
+allow tmpreaper_t amavisd_quarantine_t:file getattr;
+')

tmpreaper_t should not need setattr access to the directory. To perform any
useful function tmpreaper_t will need read/write access to the directory and
unlink access to the file such as the following:

allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink };
allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
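
Review bot: the second rule in the tmpreaper block grants only getattr on amavisd_quarantine_t:file, so tmpreaper_t can stat quarantined files but never remove them, and the dir rule has no write or remove_name, which removing an entry from the directory also requires. Suggest adding unlink to the file rule and write plus remove_name to the dir rule, and dropping setattr from the dir rule, since nothing in the block shows a need to change the directory's attributes. If tmpreaper is also meant to remove empty subdirectories under the quarantine, that is checked as rmdir on the dir class, so the unlink listed in the dir rule would not cover it.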