module myprocmail 1.0;
require {
type quota_db_t;
type etc_aliases_t;
type procmail_t;
type admin_home_t;
type spamc_t;
type shadow_t;
class file { getattr read open append lock };
class dir { getattr read open write };
class capability { dac_read_search dac_override };
}
#============= procmail_t ==============
allow procmail_t etc_aliases_t:file { getattr read open };
allow procmail_t quota_db_t:file { getattr append open lock };
allow procmail_t admin_home_t:dir write;
allow procmail_t admin_home_t:file open;
allow spamc_t self:capability { dac_read_search dac_override };
allow spamc_t shadow_t:file read;
Then everytime we do a restorecon -vR for a home directory we get the
following and if you repeat the command you will get the same output.
We did do, semanage fcontext -a -e /home /export/home, so selinux knows
that this is a home directory structure for NFS automounting.
restorecon -vR /export/home/chighley
restorecon reset /export/home/chighley/.pyzor context
system_u:object_r:spamc_home_t:s0->system_u:object_r:pyzor_home_t:s0
restorecon reset /export/home/chighley/.pyzor/servers context
system_u:object_r:spamc_home_t:s0->system_u:object_r:pyzor_home_t:s0
restorecon reset /export/home/chighley/.razor context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset /export/home/chighley/.razor/identity context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset /export/home/chighley/.razor/razor-agent.log context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c101.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c102.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c103.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c104.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c105.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c118.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c121.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c122.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c123.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c301.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c302.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c303.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c304.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.c305.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.folly.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.joy.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.n001.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.n002.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.n003.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/server.n004.cloudmark.com.conf context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset /export/home/chighley/.razor/servers.catalogue.lst
context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset /export/home/chighley/.razor/servers.discovery.lst
context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset /export/home/chighley/.razor/servers.nomination.lst
context
unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
restorecon reset /export/home/chighley/.razor/servers.catalogue.lst.lock
context
system_u:object_r:spamc_home_t:s0->system_u:object_r:razor_home_t:s0
restorecon reset
/export/home/chighley/.razor/servers.nomination.lst.lock context
system_u:object_r:spamc_home_t:s0->system_u:object_r:razor_home_t:s0
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
