On Dec 28, 2010, at 3:40 PM, Dominick Grift wrote:

> On 12/28/2010 09:35 PM, Dominick Grift wrote:
>> On 12/28/2010 09:31 PM, Vadym Chepkov wrote:
>>
>>> On Dec 24, 2010, at 12:01 PM, Vadym Chepkov wrote:
>>
>>>> Hi,
>>>>
>>>> It seems for some reason selinux-targeted policy on Fedora doesn't install razor policy and, furthermore, removes it if razor module was installed.
>>>> I guess it is done for simplicity, to have just one "spam" domain. But, somehow the proper labeling was forgotten:
>>>>
>>>> selinux-policy-targeted-3.9.7-18.fc14.noarch
>>>>
>>>> # ls -Z /usr/bin/razor-*
>>>> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-admin
>>>> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-check
>>>> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-client
>>>> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-report
>>>> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-revoke
>>>>
>>>> # ls -dZ /home/vchepkov/.razor
>>>> drwxr-xr-x. vchepkov users unconfined_u:object_r:user_home_t:s0 /home/vchepkov/.razor
>>>>
>>>> # ls -dZ /root/.razor
>>>> drwxr-xr-x. root root system_u:object_r:admin_home_t:s0 /root/.razor
>>>>
>>>>
>>>> Vadym
>>>>
>>>> P.S. On a related note, how do $HOME files get their labeling?
>
> It depends. When all is right then files in Home get created with the
> proper contexts by means of "type transitions" basically rules.
>
> example:
>
> if a process with type pyzor_t creates a file in a directory with type
> user_home_dir_t then "type transition" from user_home_dir_t to pyzor_home_t.
>
> But in gnome-session there is also restorecond -u watching contexts in home.
>
> Basically it compares contexts in home with what's defined in semanage
> fcontext (or homedir.template) and resets contexts accordingly. (this is
> some hack to ensure that user home dir content is labelled properly)

That was my question, how do you define it in semanage fcontext? I see explicit references to /root/ home, but what about users' home? Some sort of keyword/macro?

>
>>>> # semanage fcontext -l|grep pyzor
>>>> has reference only to
>>>> /root/\.pyzor(/.*)? all files system_u:object_r:pyzor_home_t:s0
>>>>
>>>> but, directory gets proper labeling:
>>>>
>>>> # ls -dZ /home/vchepkov/.pyzor
>>>> drwx------. vchepkov users unconfined_u:object_r:spamc_home_t:s0 /home/vchepkov/.pyzor
>>>>
>>>>
>>>>
>>
>>> I wonder if e-mail got lost.
>>
>> I think I replied to this message earlier. So for me it was not lost.

anti-spam filters kill useful stuff too nowadays :(

>>
>>> Shall I just open a bugzilla about it?
>>
>> Yes I think that may be the best solution (bugzilla.redhat.com in the
>> selinux-policy component)

Will do, thanks.

>>
>> Looks like somehow Fedora has not installed the pyzor/razor policy
>> module or did it wrong.

It seems it was deliberate:

rpm -q --changelog selinux-policy-targeted

* Fri Jul 25 2008 Dan Walsh <dwalsh@xxxxxxxxxx> 3.5.1-4
- Consolodate pyzor,spamassassin, razor into one security domain

But it was partially reversed:

* Thu Nov 18 2010 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.9.7-12
- Turn on pyzor policy

>>
>>> Thanks,
>>> Vadym
>>
>>> --
>>> selinux mailing list
>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
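
The comparison described in the quoted reply (contexts found in a home directory checked against file-context rules), as an added example that is not part of the original thread or of the SELinux tools. It assumes a template in which a `HOME_DIR` keyword stands for each user's home directory; the three rules, including the type chosen for `.razor`, are constructed for illustration, and rule precedence is simplified to "last match wins".

```python
import re

# Constructed template in the homedir-template style; HOME_DIR stands for
# each user's home directory. These rules are assumptions, not Fedora's policy.
TEMPLATE = r"""
HOME_DIR/.+             system_u:object_r:user_home_t:s0
HOME_DIR/\.pyzor(/.*)?  system_u:object_r:spamc_home_t:s0
HOME_DIR/\.razor(/.*)?  system_u:object_r:spamc_home_t:s0
"""

# `ls -dZ` lines as quoted in the thread.
OBSERVED = """
drwxr-xr-x. vchepkov users unconfined_u:object_r:user_home_t:s0 /home/vchepkov/.razor
drwx------. vchepkov users unconfined_u:object_r:spamc_home_t:s0 /home/vchepkov/.pyzor
"""

def expand(template, home_dirs):
    """Substitute every home directory for HOME_DIR, giving (regex, context) rules."""
    rules = []
    for line in template.strip().splitlines():
        pattern, context = line.split()
        for home in home_dirs:
            regex = pattern.replace("HOME_DIR", re.escape(home))
            rules.append((re.compile(regex), context))
    return rules

def expected_context(rules, path):
    """Context of the last rule matching the whole path (simplified precedence)."""
    match = None
    for regex, context in rules:
        if regex.fullmatch(path):
            match = context
    return match

def mislabeled(observed, rules):
    """Return (path, observed_type, expected_type) where the type field differs."""
    findings = []
    for line in observed.strip().splitlines():
        fields = line.split()
        context, path = fields[3], fields[4]
        want = expected_context(rules, path)
        # Simplification: only the type field is compared, not user/role/range.
        if want and want.split(":")[2] != context.split(":")[2]:
            findings.append((path, context.split(":")[2], want.split(":")[2]))
    return findings

RULES = expand(TEMPLATE, ["/home/vchepkov"])
print(mislabeled(OBSERVED, RULES))
```

Without the constructed `.razor` rule, the generic `HOME_DIR/.+` rule is the last match and the directory's `user_home_t` label is reported as correct, which is the situation shown in the thread.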