RE: httpd can't send mails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

> -----Original Message-----
> From: fedora-selinux-list-bounces@xxxxxxxxxx
[mailto:fedora-selinux-list-
> bounces@xxxxxxxxxx] On Behalf Of Shintaro Fujiwara
> Sent: Monday, July 02, 2007 2:48 PM
> To: fedora-selinux-list
> Subject: Re: httpd can't send mails
> 
> 
> If you using postfix, here's what I did.
> I made interface for postfix.
> 
> ########################################
> ## <summary>
> ##      for xoops sending mail from postfix.
> ## </summary>
> ## <param name="domain">
> ##      Domain allowed to sending mails.
> ## </param>
> #
> 
> interface(`xoops_send_mail_by_postfix',`
>         gen_require(`
>                 type bin_t;
>                 type smtp_port_t;
>                 type sendmail_exec_t;
>         ')
>         allow $1 bin_t:dir search;
>         allow $1 smtp_port_t:tcp_socket { name_connect send_msg
> recv_msg };
>         allow $1 sendmail_exec_t:file { execute execute_no_trans
getattr
> read };
> ')
> 

If you have the full reference policy source you should use defined
interfaces instead of breaking encapsulation of the types. For example,
you can rewrite your interface without any requires as:

interface(`xoops_send_mail_by_postfix',`

        corecmd_search_bin($1)

        corenet_tcp_connect_smtp_port($1)
        corenet_tcp_sendrecv_smtp_port($1)

        mta_exec($1)
')

David


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux