Tweaks to the amavis policy
Russell Coker
russell at coker.com.au
Fri Apr 22 23:54:19 UTC 2005
On Friday 22 April 2005 21:08, Daniel J Walsh <dwalsh at redhat.com> wrote:
> >allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink };
> >allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };
>
> Why not add the attribute tmpfile to amavisd_quarantine_t and you get
> this for free.
True. tmpfile does grant access to the initrc_t domain, but that shouldn't be
a problem in this case (and I can imagine a start script for amavis wanting
to do such things).
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list