Paul Howarth wrote:
attached is a patch based on local policy I'm using on Fedora 9 to
support two "milter" mail filter daemons in conjunction with sendmail,
namely spamass-milter and milter-regex (I maintain the packages for both
of these in Fedora).
I've taken the view that most milter applications will have similar
requirements and so I've created a milter_template interface that
contains most of what's needed, and then added the specifics that are
needed on top of the generic stuff for each application.
However, as I'm by no means an selinux expert, there are a number of
things I'm unsure about:
1. In a situation where sendmail is the running MTA on a system, what is
the difference between sendmail_t and system_mail_t?
2. MTAs other than sendmail (postfix comes to mind) can also use
milters, but as I don't have any boxes running postfix, I don't know
what I'd need to add to postfix policy to support milters.
3. Fedora 9 has an interface spamassassin_domtrans_spamc that I used in
my local policy. It doesn't appear to be present in refpolicy; what
would be the right thing to use for a daemon calling spamc?
4. I cribbed the milter_port_t stuff from the only example I could find,
and it's probably wrong. What would be the correct way of defining this?
5. Does the use of a template for these applications a sane way to do it?
Should I have raised this somewhere else, or in a different way? I've
had no responses either here or on fedora-selinux-list. The
spamass-milter is currently broken with SELinux enforcing on Fedora 9
and I'd like to be able to make at least a little progress towards
fixing that.
Paul.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
