Re: postfix, procmail and SELinux - No Go

On Tue, 2006-06-20 at 14:05 +0100, Paul Howarth wrote:
> Marc Schwartz wrote:

<snip>

> There's something very curious going on here. With 
> selinux-policy-2.2.43-4.fc5 you should have clamav module version 1.0.1.
> 
> Try this:
> # yum install yum-utils
> # yumdownloader selinux-policy selinux-policy-targeted
> # rpm -Uvh --replacefiles --replacepkgs \
> 	selinux-policy-2.2.43-4.fc5.noarch.rpm \
> 	selinux-policy-targeted-2.2.43-4.fc5.noarch.rpm
> # semodule -l
> 
> Paul.

OK. We seem to have solved the module install problem (save one) with
the above process.

# semodule -l
amavis  1.0.4
clamav  1.0.1
mydcc   0.1.3
mypostfix       0.1.0
mypyzor 0.1.3
procmail        0.5.3
pyzor   1.0.1


Note that now the amavis module is indicated (I installed amavis after
the discussion with Nicolas, but have not configured it yet, pending
this whole process).

Also, note that now I am getting an error when trying to install the
myclam.pp module:

# semodule -i myclam.pp
libsepol.scope_copy_callback: myclam: Duplicate declaration in module:
type/attribute clamscan_tmp_t
libsemanage.semanage_link_sandbox: Link packages failed
semodule:  Failed!


So I presume that there is an update in the version 1.0.1 of the new
clamav module that conflicts with the declarations in our new module?

The current myclam.te is:

# cat myclam.te
####### myclam.te #######
policy_module(myclam, 0.1.2)

require {
         type clamscan_t;
         type procmail_tmp_t;
         type postfix_local_t;
};

# temp files
type clamscan_tmp_t;
files_tmp_file(clamscan_tmp_t)

# Allow clamscan to create and use temp files and dirs
allow clamscan_t clamscan_tmp_t:dir create_dir_perms;
allow clamscan_t clamscan_tmp_t:file create_file_perms;
files_type(clamscan_tmp_t)
files_tmp_filetrans(clamscan_t, clamscan_tmp_t, { file dir })

# Allow clamscan to read and write  temp files created by procmail
# (needed for clamassassin)
allow clamscan_t procmail_tmp_t:file rw_file_perms;

# Allow clamscan output to be piped back into the
# postfix local delivery process
allow clamscan_t postfix_local_t:fd use;
allow clamscan_t postfix_local_t:fifo_file write;


Marc


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
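
The duplicate-declaration failure reported by `semodule -i myclam.pp` above can be caught before the install. The script below is an added example, not part of the original message or of the policy tools. It lists the types a local `.te` file declares outside its `require` block and reports any that are already in a list of loaded types. The function names and the list file (for instance, saved output of `seinfo -t`) are assumptions, and the sample files are constructed from the `myclam.te` in the message.

```shell
#!/bin/sh
# Added example: report types a local .te declares that the policy already has.

# Print every type declared at top level of a .te file (require blocks skipped).
te_declared_types() {
    awk '
        /^[ \t]*#/ { next }                                          # comment line
        /^[ \t]*require[ \t]*[{]/ { in_req = ($0 !~ /[}]/); next }   # require { ...
        in_req { if ($0 ~ /[}]/) in_req = 0; next }                  # ... until }
        /^[ \t]*type[ \t]+[A-Za-z0-9_]+/ {
            name = $2
            sub(/[;,].*$/, "", name)                                 # drop ";" or ", attr"
            print name
        }
    ' "$1"
}

# Print declared types that also appear in a file of already-loaded types
# (one name per line; surrounding whitespace is ignored).
te_conflicts() {
    te_declared_types "$1" | awk -v known="$2" '
        BEGIN {
            while ((getline line < known) > 0) {
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "") have[line] = 1
            }
        }
        ($0 in have) { print }
    '
}

# Constructed sample input: the declaration part of myclam.te from the message,
# and a constructed list of types assumed to be loaded by other modules.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_TE="$SAMPLE_DIR/myclam.te"
SAMPLE_TYPES="$SAMPLE_DIR/loaded_types.txt"
cat > "$SAMPLE_TE" <<'EOF'
policy_module(myclam, 0.1.2)
require {
         type clamscan_t;
         type procmail_tmp_t;
         type postfix_local_t;
};
type clamscan_tmp_t;
files_tmp_file(clamscan_tmp_t)
EOF
printf '   clamscan_t\n   clamscan_tmp_t\n   procmail_tmp_t\n   postfix_local_t\n' > "$SAMPLE_TYPES"

te_conflicts "$SAMPLE_TE" "$SAMPLE_TYPES"
```

Types named only inside `require { }` are not reported, since those are references to existing types rather than new declarations.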
