Re: Root not allowed to use procmail??????

On Mon, 5 Apr 2010 14:46:00 +0200
Dominick Grift <domg472@xxxxxxxxx> wrote:

> On Mon, Apr 05, 2010 at 08:22:14AM -0400, Daniel J Walsh wrote:
> > On 04/05/2010 04:47 AM, Dominick Grift wrote:
> > >type procmail_home_t;
> > >userdom_user_home_content(procmail_home_t)
> > >
> > >optional_policy(`
> > >gen_require(`
> > >	type procmail_t;
> > >')
> > >
> > >manage_dirs_pattern(procmail_t, procmail_home_t, procmail_home_t)
> > >manage_files_pattern(procmail_t, procmail_home_t, procmail_home_t)
> > >userdom_user_home_dir_filetrans(procmail_t, procmail_home_t, { dir file })
> > >userdom_admin_home_dir_filetrans(procmail_t, procmail_home_t, { dir file })
> > >userdom_search_user_home_dirs(procmail_t)
> > >userdom_search_admin_dir(procmail_t)
> > >')
> > >
> > >myprocmail.fc:
> > >
> > >HOME_DIR/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
> > >/root/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
> > >
> > >make -f /usr/share/selinux/devel/Makefile myprocmail.pp
> > >sudo semodule -i myprocmail.pp
> > >sudo restorecon -v /root/.procmailrc
> > >
> > I will add this, but there is a comment in the current policy
> > 
> > # only works until we define a different type for maildir
> > userdom_manage_user_home_content_dirs(procmail_t)
> > userdom_manage_user_home_content_files(procmail_t)
> > userdom_manage_user_home_content_symlinks(procmail_t)
> > userdom_manage_user_home_content_pipes(procmail_t)
> > userdom_manage_user_home_content_sockets(procmail_t)
> > userdom_user_home_dir_filetrans_user_home_content(procmail_t, { dir file lnk_file fifo_file sock_file })
> > 
> > 
> > Should we add a file context for maildir and add the symlinks,
> > pipes, sockets for procmail_home_t?
> 
> I later noticed that comment as well and this probably complicates
> matters as procmail is likely not the only service that needs access
> to maildir.

Indeed it isn't. I use the dovecot IMAP server, which is configured to
serve mail delivered to maildir directories within users' home
directories (and it could handle mbox and possibly other formats too,
though maildir is faster and better from a backup perspective).

Paul.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
