Re: postfix, procmail and SELinux - No Go

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Paul Howarth wrote:
On Tue, 2006-06-20 at 17:35 -0400, Daniel J Walsh wrote:
Ok if you guys have this all working, I would like to grab your policy modules and merge them so upstream can get them.

It's not ready yet.

Firstly, there are a bunch of things currently allowed by the policy
that we don't yet understand (such as why the postfix master program
wants to read the attributes of one of its own manpages). I'd like to
know what, if anything, breaks if these curious things are not allowed.

Secondly, I think that clamassassin needs its own domain. Currently it
starts running in the procmail domain, makes a temp file of the message
to be scanned (which will be procmail_tmp_t) and then has clamscan scan
the file (so clamscan needs to be able to read procmail_tmp_t files). If
clamassassin had its own domain, the temp file could be written as
clamscan_tmp_t, which would be much better.

Paul.

OK when you have it working the way you want we can merge it in.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux