> Hi,
>
> > -----Original Message-----
> > From: fedora-selinux-list-bounces@xxxxxxxxxx [mailto:fedora-selinux-list-bounces@xxxxxxxxxx] On Behalf Of Shintaro Fujiwara
> > Sent: Monday, July 02, 2007 2:48 PM
> > To: fedora-selinux-list
> > Subject: Re: httpd can't send mails
> >
> > If you are using postfix, here's what I did.
> > I made an interface for postfix.
> >
> > ########################################
> > ## <summary>
> > ##	for xoops sending mail from postfix.
> > ## </summary>
> > ## <param name="domain">
> > ##	Domain allowed to send mails.
> > ## </param>
> > #
> >
> > interface(`xoops_send_mail_by_postfix',`
> >	gen_require(`
> >		type bin_t;
> >		type smtp_port_t;
> >		type sendmail_exec_t;
> >	')
> >	allow $1 bin_t:dir search;
> >	allow $1 smtp_port_t:tcp_socket { name_connect send_msg recv_msg };
> >	allow $1 sendmail_exec_t:file { execute execute_no_trans getattr read };
> > ')
>
> If you have the full reference policy source you should use defined
> interfaces instead of breaking encapsulation of the types. For example,
> you can rewrite your interface without any requires as:
>
> interface(`xoops_send_mail_by_postfix',`
>
>	corecmd_search_bin($1)
>
>	corenet_tcp_connect_smtp_port($1)
>	corenet_tcp_sendrecv_smtp_port($1)
>
>	mta_exec($1)
> ')
>
> David

Thanks!
That's what I'm aiming at in the near future.
As a matter of fact, I printed every interface and felt at a loss, because of its thickness.
On what page or in what software can I find those defined interfaces? SLIDE?
I once wrote such a piece of software, named segatex...

Why is audit2allow just echoing raw access vectors and not interfaces?
I think if audit2allow had such an option, it would be more convenient and rewarding.
Maybe I should rewrite my own program ...segatex... by this summer, though.
Or are there other projects doing the same thing? Karl's project?

http://sourceforge.net/projects/segatex/
http://intrajp.no-ip.com my homepage
Officer, System-Information, Signal School, JGSDF
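
An added illustration, not part of the thread and not code from audit2allow, segatex or the reference policy: a small sketch of what turning raw access vectors back into interface calls involves. The `INTERFACES` table is constructed from the equivalence implied by David's rewrite above, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed table: access each interface is assumed to grant, read off the
# before/after pair in the thread (not taken from the real refpolicy .if files).
INTERFACES = [
    ("corecmd_search_bin", "bin_t", "dir", {"search"}),
    ("corenet_tcp_connect_smtp_port", "smtp_port_t", "tcp_socket",
     {"name_connect"}),
    ("corenet_tcp_sendrecv_smtp_port", "smtp_port_t", "tcp_socket",
     {"send_msg", "recv_msg"}),
    ("mta_exec", "sendmail_exec_t", "file",
     {"execute", "execute_no_trans", "getattr", "read"}),
]
ALLOW_RE = re.compile(
    r"allow\s+(\S+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def parse_allow_rules(text):
    """Collect {(source, target, class): set(perms)} from raw allow rules."""
    rules = defaultdict(set)
    for src, tgt, cls, many, one in ALLOW_RE.findall(text):
        rules[(src, tgt, cls)].update((many or one).split())
    return rules

def to_interfaces(text):
    """Return (interface calls, leftover raw rules) for the given allow rules."""
    calls, leftover = [], []
    for (src, tgt, cls), perms in parse_allow_rules(text).items():
        remaining = set(perms)
        for name, i_tgt, i_cls, i_perms in INTERFACES:
            # Use an interface only if all it grants was requested, so the
            # rewrite never allows more than the raw rules did.
            if (i_tgt, i_cls) == (tgt, cls) and i_perms <= perms:
                calls.append(f"{name}({src})")
                remaining -= i_perms
        if remaining:
            leftover.append(
                f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(remaining))} }};")
    return calls, leftover

# Constructed input: the thread's three rules plus one the table does not cover.
SAMPLE = """
allow $1 bin_t:dir search;
allow $1 smtp_port_t:tcp_socket { name_connect send_msg recv_msg };
allow $1 sendmail_exec_t:file { execute execute_no_trans getattr read };
allow $1 etc_t:file read;
"""

if __name__ == "__main__":
    calls, leftover = to_interfaces(SAMPLE)
    print("\n".join(calls + leftover))
```

Rules with no matching interface are returned unchanged as raw `allow` lines, so nothing requested is silently dropped and nothing extra is granted.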