Tweaks to the amavis policy
Russell Coker
russell at coker.com.au
Fri Apr 22 08:19:46 UTC 2005
On Thursday 17 March 2005 00:18, David Hampton
<hampton-rh at rainbolthampton.net> wrote:
> I've added support to the (unused) amavis policy to allow interaction
> with additional mail filters, and added a new type specifically for
> quarantined spam and viruses. I also tweaked the network access to
> limit ports that can be used by amavisd. I'd appreciate any feedback on
> these changes or tips on how to write better policies. Thanks.
+# Tmp reaper
+ifdef(`tmpreaper.te', `
+allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr
unlink };
+allow tmpreaper_t amavisd_quarantine_t:file getattr;
+')
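Review bot: the amavisd_quarantine_t:file rule grants only getattr, so tmpreaper_t can stat quarantined files but cannot delete them, and the dir rule has no write or remove_name, which removing an entry from the directory requires. The unlink permission listed on the dir class does not stand in for those, and setattr on the directory is not something a reaper needs. Suggest adding unlink to the file rule, giving the dir rule write and remove_name alongside read, search and getattr, and dropping setattr.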
tmpreaper_t should not need setattr access to the directory.
To perform any useful function tmpreaper_t will need read/write access to the
directory and unlink access to the file such as the following:
allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink };
allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page