spamassassin transition
Dominick Grift
domg472 at gmail.com
Mon Aug 3 08:25:16 UTC 2009
On Mon, 2009-08-03 at 10:13 +0200, Daniel Fazekas wrote:
> On Aug 3, 2009, at 02:20, Scott Radvan wrote:
>
> > spamassassin_can_network seems to be a good Boolean to explain, show
> > the denial and then show the work-around for.
> > This Boolean is off by default, which as far as I can tell would
> > stop spamassassin from launching as a daemon listening on the
> > machine's actual IP/interface.
>
> I thought spamassassin_can_network was for allowing SpamAssassin to
> access various online services, such as Razor2 or Pyzor, for more
> accurate spam detection.
Basically it allows spamassassin_t to connect to any TCP port and
sendrecv UDP.

# set tunable if you have spamassassin do DNS lookups
tunable_policy(`spamassassin_can_network',`
	allow spamassassin_t self:tcp_socket create_stream_socket_perms;
	allow spamassassin_t self:udp_socket create_socket_perms;

	corenet_all_recvfrom_unlabeled(spamassassin_t)
	corenet_all_recvfrom_netlabel(spamassassin_t)
	corenet_tcp_sendrecv_generic_if(spamassassin_t)
	corenet_udp_sendrecv_generic_if(spamassassin_t)
	corenet_tcp_sendrecv_generic_node(spamassassin_t)
	corenet_udp_sendrecv_generic_node(spamassassin_t)
	corenet_tcp_sendrecv_all_ports(spamassassin_t)
	corenet_udp_sendrecv_all_ports(spamassassin_t)
	corenet_tcp_connect_all_ports(spamassassin_t)
	corenet_sendrecv_all_client_packets(spamassassin_t)
	corenet_udp_bind_generic_node(spamassassin_t)

	sysnet_read_config(spamassassin_t)
')

hth
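
Added example (not part of the original message and not code from the SELinux policy project): a Python script that sorts AVC denials for spamassassin_t into those the spamassassin_can_network block above would allow and those it would not, such as binding a TCP listening port. The audit lines are constructed, and the permission mapping is an assumption read from the interface names in the block.

```python
import re

# Constructed sample audit records (not from the original thread).
# 2703/tcp and 24441/udp are the usual Razor2 and Pyzor defaults; 783/tcp is
# the usual spamd listening port.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1249287916.101:71): avc:  denied  { name_connect } for  pid=2101 comm="spamassassin" dest=2703 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1249287916.204:72): avc:  denied  { node_bind } for  pid=2101 comm="spamassassin" scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=udp_socket
type=AVC msg=audit(1249287917.310:73): avc:  denied  { name_bind } for  pid=2101 comm="spamassassin" src=783 scontext=system_u:system_r:spamassassin_t:s0 tcontext=system_u:object_r:spamd_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1249287918.001:74): avc:  denied  { name_connect } for  pid=900 comm="httpd" dest=25 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
"""

# Assumption: (class, permission) pairs granted by the tunable block, read from
# the interface names (tcp connect/sendrecv on all ports, udp sendrecv on all
# ports, udp bind on the generic node). No tcp name_bind interface appears there.
COVERED = {
    ("tcp_socket", "name_connect"),
    ("tcp_socket", "send_msg"), ("tcp_socket", "recv_msg"),
    ("udp_socket", "send_msg"), ("udp_socket", "recv_msg"),
    ("udp_socket", "node_bind"),
}

# Captures: permission list, source type (third field of scontext), object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:([^:\s]+).*?tclass=(\w+)")


def triage(audit_text, domain="spamassassin_t"):
    """Return [(tclass, perm, covered_by_boolean)] for denials from `domain`."""
    results = []
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group(2) != domain:
            continue  # not an AVC denial, or a different source domain
        tclass = m.group(3)
        for perm in m.group(1).split():
            results.append((tclass, perm, (tclass, perm) in COVERED))
    return results


if __name__ == "__main__":
    for tclass, perm, covered in triage(SAMPLE_AUDIT):
        verdict = "spamassassin_can_network" if covered else "not granted by this boolean"
        print(f"{tclass:<11} {perm:<13} -> {verdict}")
```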