On Friday 22 April 2005 21:08, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> >allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink };
> >allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };
>
> Why not add the attribute tmpfile to amavisd_quarantine_t and you get
> this for free.
True. tmpfile does grant access to the initrc_t domain, but that shouldn't be
a problem in this case (and I can imagine a start script for amavis wanting
to do such things).
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
