On 03/05/2010 07:26 PM, Robert Nichols wrote:
> Wrong answer. Those files are not moving. Nor are they going to
> labeled tmp_t.
>
I do not know the specific path but assuming:
/srv/mymail
than you could for example try to label the mymail directory with type
mail_spool_t:
semanage fcontext -a -t mail_spool_t "/srv/mymail(/.*)?"
restorecon -R -v /srv/mymail
That should allow procmail_t to create files and dirs in /srv/mymail.
Assuming that it has access to search type var_t dirs (/srv), which i
think it does:
sesearch --allow -s procmail_t -t var_t -c dir -p search
Found 5 semantic av rules:
allow procmail_t var_t : dir { getattr search open } ;
allow domain var_t : dir { getattr search open } ;
allow procmail_t var_t : dir { getattr search open } ;
allow procmail_t var_t : dir { getattr search open } ;
allow procmail_t var_t : dir { getattr search open } ;
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
