On 04/05/2010 04:47 AM, Dominick Grift wrote:
type procmail_home_t;
userdom_user_home_content(procmail_home_t)
optional_policy(`
gen_require(`
type procmail_t;
')
manage_dirs_pattern(procmail_t, procmail_home_t, procmail_home_t)
manage_files_pattern(procmail_t, procmail_home_t, procmail_home_t)
userdom_user_home_dir_filetrans(procmail_t, procmail_home_t, { dir file })
userdom_admin_home_dir_filetrans(procmail_t, procmail_home_t, { dir file })
userdom_search_user_home_dirs(procmail_t)
userdom_search_admin_dir(procmail_t)
')
myprocmail.fc:
HOME_DIR/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
/root/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
make -f /usr/share/selinux/devel/Makefile myprocmail.pp
sudo semodule -i myprocmail.pp
sudo restorecon -v /root/.procmailrc
I will add this, but there is a comment in the current policy
# only works until we define a different type for maildir
userdom_manage_user_home_content_dirs(procmail_t)
userdom_manage_user_home_content_files(procmail_t)
userdom_manage_user_home_content_symlinks(procmail_t)
userdom_manage_user_home_content_pipes(procmail_t)
userdom_manage_user_home_content_sockets(procmail_t)
userdom_user_home_dir_filetrans_user_home_content(procmail_t, { dir
file lnk_file fifo_file sock_file })
Should we add a file context for maildir and add the symlinks,
pipes,sockets for procmail_home_t?
|
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
