Paul Howarth wrote:
On Tue, 2006-06-20 at 17:35 -0400, Daniel J Walsh wrote:
Ok if you guys have this all working, I would like to grab your policy
modules and merge them so upstream can get them.
It's not ready yet.
Firstly, there are a bunch of things currently allowed by the policy
that we don't yet understand (such as why the postfix master program
wants to read the attributes of one of its own manpages). I'd like to
know what, if anything, breaks if these curious things are not allowed.
Secondly, I think that clamassassin needs its own domain. Currently it
starts running in the procmail domain, makes a temp file of the message
to be scanned (which will be procmail_tmp_t) and then has clamscan scan
the file (so clamscan needs to be able to read procmail_tmp_t files). If
clamassassin had its own domain, the temp file could be written as
clamscan_tmp_t, which would be much better.
Paul.
OK when you have it working the way you want we can merge it in.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list