Christopher J. PeBenito wrote:
> On Mon, 2008-09-22 at 13:27 +0100, Paul Howarth wrote:
>> Updated patch: sendmail, when run as "newaliases", tries to getattr()
>> milter sockets as well as the directories they live in, so I changed the
>> milter_getattr_all_data_dirs interface to milter_getattr_all_sockets.
>> I also moved the call to this interface in mta.te out from the middle of
>> a bunch of postfix-related lines.
>>
>> Paul.
>
> I think my last two comments are
>
> * you can't require milter_port_t. It doesn't seem like a generic port
> type would be useful anyway, otherwise there would be a port defined.

So I should change "allow milter_$1_t milter_port_t:tcp_socket
name_bind;" to "corenet_tcp_bind_generic_port($1_milter_t)"?

I can do that but I don't understand why milter_port_t should be any
different than say stunnel_port_t, which also doesn't have a default
port defined, and would be used in a similar way, i.e. an admin would
set up an application to use a specific port (a milter running over tcp
needs to have a port specified, just as a tunnel set up using stunnel does
- they don't just bind to random generic ports).

> * milter vs milters inconsistency of naming

I'll rename the module and the file to milter then, though I'd hoped
that "milter" would have been accepted as an abbreviation of "milters".

> * derived types should have the prefix first, eg, $1_milter_t not
> milter_$1_t.

I'll change those.

Paul.