Re: postfix, procmail and SELinux - No Go

Marc Schwartz wrote:
On Wed, 2006-06-07 at 13:12 -0500, Marc Schwartz (via MN) wrote:
On Wed, 2006-06-07 at 17:56 +0100, Paul Howarth wrote:
On Wed, 2006-06-07 at 12:20 -0400, Daniel J Walsh wrote:
I will be turning on dcc and razor policy in next rawhide update. This should cover some of the problems you are having. Please send me all of your policy so that I can get it in the upstream pool.
We may need to do some rework then, since what we have, particularly for
dcc, is getting the dcc client to work in spamd when running in the
spamd domain. By turning on the dcc policy, this will all change.

Similarly, Marc seems to be running razor from pyzor, so the policy
tweaks have been for getting razor working as pyzor_t.

I can send you what we've got so far, but it'll be of limited
usefulness. Perhaps more useful would be if Marc could let you know
where the various files/programs are installed to in the upstream
default configuration (and his config, if different), so that the file
contexts in policy can be right first time.
<snip of policies>

Paul and Dan,

As of this moment, now running in Enforcing Mode, the following are
known to work with Paul's policies and context changes:

  Incoming multiple POP3 account mail via fetchmail is working.
  fetchmail, BTW, runs every 2 mins. from my own crontab file, not the
  system crontab, using ~/.fetchmailrc.

  Outgoing mail via company SMTP server is working

  Mail forwarding off my laptop via procmail/postfix is working

  Clamassassin is working

  Spamassassin is working


I have not yet had any Viagra-like e-mails to be able to test the other
remote servers (ie. pyzor, razor and DCC) to check for function.
Hopefully some will come through today (why can't you get them when you
want them....  ;-).

Just a quick update here that so far, I can add:

  DCC is working

  Pyzor is working

to the list.

So far, no confirmed hits on Razor2 or RBLs (i.e. SpamCop).

I have temporarily modified some of the SA generated e-mail headers via
add_header in user_prefs so that I can keep better track of these things
specifically.

I'll post more when I can confirm the remaining tests.

At this point it might be worth trying to remove some of the "strange" policy items, such as:

allow postfix_master_t man_t:file getattr;

and see what, if anything, fails. By doing this we might get some insight into what is actually happening, or if nothing breaks, we could dontaudit it instead of allowing it.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
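
The check suggested in the last message, sketched as an added example (not code from the thread or from the policy authors): once the allow rule has been removed and the policy reloaded, count the AVC denials in the audit log that the rule used to permit, per permission and command. The log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed audit.log lines (not from the thread); pids, inodes, timestamps are made up.
SAMPLE_LOG = '''\
type=AVC msg=audit(1149700001.101:201): avc:  denied  { getattr } for  pid=2101 comm="master" name="man.1.gz" dev=dm-0 ino=4001 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
type=AVC msg=audit(1149700121.330:214): avc:  denied  { getattr } for  pid=2101 comm="master" name="man.1.gz" dev=dm-0 ino=4001 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
type=AVC msg=audit(1149700125.007:215): avc:  denied  { search } for  pid=2150 comm="local" name="mail" dev=dm-0 ino=5120 scontext=system_u:system_r:postfix_local_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=dir
'''

# One AVC denial per line: permissions, command, source/target contexts, object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')
# A simple rule: allow SRC TGT:CLASS PERM;  or  allow SRC TGT:CLASS { PERM ... };
RULE_RE = re.compile(
    r'\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;')

def parse_denials(log):
    """Count denials per (source type, target type, class, permission, comm)."""
    counts = Counter()
    for m in AVC_RE.finditer(log):
        src = m['scon'].split(':')[2]   # context is user:role:type[:level]
        tgt = m['tcon'].split(':')[2]
        for perm in m['perms'].split():
            counts[(src, tgt, m['tclass'], perm, m['comm'])] += 1
    return counts

def hits_for_removed_rule(rule, log):
    """Denials the removed allow rule used to permit, as {(perm, comm): count}."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"not a simple allow rule: {rule!r}")
    src, tgt, tclass = m.group(1, 2, 3)
    perms = set((m.group(4) or m.group(5) or "").split())
    return {(p, c): n for (s, t, k, p, c), n in parse_denials(log).items()
            if (s, t, k) == (src, tgt, tclass) and p in perms}

if __name__ == "__main__":
    rule = "allow postfix_master_t man_t:file getattr;"
    for (perm, comm), n in hits_for_removed_rule(rule, SAMPLE_LOG).items():
        print(f"{n} denial(s) of {perm} by {comm}")
```

If denials show up here while mail delivery keeps working, the rule is a candidate for dontaudit; the `comm` value shows which program is making the access.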
