Matthew Gillen wrote:
Hi,

I'm new to SELinux, and I was having some problems with procmail not working
correctly for me with NFS (via NIS-based autofs) home directories on FC5.
There seemed to be a discussion about a similar issue a while back:
http://www.redhat.com/archives/fedora-list/2006-May/msg03265.html
but the solutions there didn't solve my problem.

In any event, I managed to get it working for myself using the following
policy module. The 'autofs_t:dir search' part seemed to be needed to find
my .procmailrc file, and the rest looks like it is needed to write messages
into my maildirs under $HOME/Mail/

If anyone has suggestions on how to improve this I'd be happy to hear them.

Thanks,
Matt
--------------------------------------
module procmailnfs 1.0;

require {
        class dir { getattr search write };
        class file { append getattr read };
        type autofs_t;
        type default_t;
        type procmail_t;
        role system_r;
};

allow procmail_t autofs_t:dir search;
allow procmail_t default_t:dir { getattr search write };
allow procmail_t default_t:file { append getattr read };

A couple of things:

1. I'm surprised you're getting default_t as the type; NFS directories
   here are nfs_t
2. I'd wrap the parts needed for NFS home directories with a conditional
   based on the state of the use_nfs_home_dirs boolean, as for instance
   happens in the xserver policy:

tunable_policy(`use_nfs_home_dirs',`
        fs_manage_nfs_dirs(xdm_t)
        fs_manage_nfs_files(xdm_t)
        fs_manage_nfs_symlinks(xdm_t)
        fs_exec_nfs_files(xdm_t)
')
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
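
The two suggestions in the reply, applied to the posted module, as an added example that is not code from either poster or from the reference policy itself. It assumes the NFS home directories are labeled nfs_t (not default_t), that the module is built with the reference policy Makefile so the m4 macros expand, and that the fs_search_auto_mountpoints interface is available in the installed policy headers.

```selinux
# procmailnfs.te (added example; see assumptions in the text above)
policy_module(procmailnfs, 1.0)

gen_require(`
	type procmail_t;
')

# Lets procmail traverse autofs mount points on the way to $HOME.
# Stands in for the raw rule "allow procmail_t autofs_t:dir search;".
fs_search_auto_mountpoints(procmail_t)

# NFS access is granted only while the use_nfs_home_dirs boolean is on,
# so a host without NFS home directories never gives procmail_t these
# permissions.
#
# Note: the manage interfaces grant more than the three dir and three
# file permissions in the original module (they include create and
# unlink, among others). Review the expanded rules before loading.
tunable_policy(`use_nfs_home_dirs',`
	fs_manage_nfs_dirs(procmail_t)
	fs_manage_nfs_files(procmail_t)
')
```

With the module loaded, the NFS rules take effect only after the boolean is enabled, for example with `setsebool -P use_nfs_home_dirs 1`.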