Updates to amavisd [patch]

Russell Coker russell at coker.com.au
Fri Apr 22 08:09:27 UTC 2005


On Friday 15 April 2005 07:35, David Hampton <hampton-rh at rainbolthampton.net> 
wrote:
> The attached patch updates the (unused) amavisd policy to work with the
> changes in the FC strict/1.23.10-2 policy.  It also fixes the access
> needed by tmpreaper to delete files from the caught spam/virus
> directory.

+allow initrc_t amavisd_etc_t:file read;
Generally it's a bad idea to grant read access without getattr.

@@ -120,6 +122,6 @@

 # Tmp reaper
 ifdef(`tmpreaper.te', `
-allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr 
unlink
 };
-allow tmpreaper_t amavisd_quarantine_t:file getattr;
+allow tmpreaper_t amavisd_quarantine_t:dir create_dir_perms;
+allow tmpreaper_t amavisd_quarantine_t:file link_file_perms;
 ')

tmpreaper_t shouldn't be creating directories.  For the file access { getattr 
unlink } should be sufficient.

The following should do:
allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink };
allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




More information about the fedora-selinux-list mailing list