On Tue, 2006-06-20 at 17:35 -0400, Daniel J Walsh wrote: > Ok if you guys have this all working, I would like to grab your policy > modules and merge them so upstream can get them. It's not ready yet. Firstly, there are a bunch of things currently allowed by the policy that we don't yet understand (such as why the postfix master program wants to read the attributes of one of its own manpages). I'd like to know what, if anything, breaks if these curious things are not allowed. Secondly, I think that clamassassin needs its own domain. Currently it starts running in the procmail domain, makes a temp file of the message to be scanned (which will be procmail_tmp_t) and then has clamscan scan the file (so clamscan needs to be able to read procmail_tmp_t files). If clamassassin had its own domain, the temp file could be written as clamscan_tmp_t, which would be much better. Paul. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
