Hi, > -----Original Message----- > From: fedora-selinux-list-bounces@xxxxxxxxxx [mailto:fedora-selinux-list- > bounces@xxxxxxxxxx] On Behalf Of Shintaro Fujiwara > Sent: Monday, July 02, 2007 2:48 PM > To: fedora-selinux-list > Subject: Re: httpd can't send mails > > > If you using postfix, here's what I did. > I made interface for postfix. > > ######################################## > ## <summary> > ## for xoops sending mail from postfix. > ## </summary> > ## <param name="domain"> > ## Domain allowed to sending mails. > ## </param> > # > > interface(`xoops_send_mail_by_postfix',` > gen_require(` > type bin_t; > type smtp_port_t; > type sendmail_exec_t; > ') > allow $1 bin_t:dir search; > allow $1 smtp_port_t:tcp_socket { name_connect send_msg > recv_msg }; > allow $1 sendmail_exec_t:file { execute execute_no_trans getattr > read }; > ') > If you have the full reference policy source you should use defined interfaces instead of breaking encapsulation of the types. For example, you can rewrite your interface without any requires as: interface(`xoops_send_mail_by_postfix',` corecmd_search_bin($1) corenet_tcp_connect_smtp_port($1) corenet_tcp_sendrecv_smtp_port($1) mta_exec($1) ') David -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
