[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Updates to amavisd [patch]



The attached patch updates the (unused) amavisd policy to work with the
changes in the FC strict/1.23.10-2 policy.  It also fixes the access
needed by tmpreaper to delete files from the caught spam/virus
directory.

David

Index: domains/program/unused/amavis.te
===================================================================
RCS file: /home/cvs/starfury/etc/selinux/strict/src/policy/domains/program/unused/amavis.te,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 amavis.te
--- domains/program/unused/amavis.te	6 Apr 2005 22:35:54 -0000	1.1.1.2
+++ domains/program/unused/amavis.te	13 Apr 2005 14:28:28 -0000
@@ -23,6 +23,7 @@
 daemon_domain(amavisd)
 tmp_domain(amavisd)
 
+allow initrc_t amavisd_etc_t:file read;
 allow initrc_t amavisd_lib_t:dir { search read write rmdir remove_name unlink };
 allow initrc_t amavisd_lib_t:file unlink;
 allow initrc_t amavisd_var_run_t:dir setattr;
@@ -34,11 +35,12 @@
 
 # networking
 can_network_server_tcp(amavisd_t, amavisd_recv_port_t)
-allow amavisd_t port_type:tcp_socket name_connect;
 allow amavisd_t amavisd_recv_port_t:tcp_socket name_bind;
+allow mta_delivery_agent amavisd_recv_port_t:tcp_socket name_connect;
 # The next line doesn't work right so drop the port specification.
 #can_network_client_tcp(amavisd_t, amavisd_send_port_t)
 can_network_client_tcp(amavisd_t)
+allow amavisd_t amavisd_send_port_t:tcp_socket name_connect;
 can_resolve(amavisd_t);
 can_ypbind(amavisd_t);
 can_tcp_connect(mail_server_sender, amavisd_t);
@@ -120,6 +122,6 @@
 
 # Tmp reaper
 ifdef(`tmpreaper.te', `
-allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr unlink };
-allow tmpreaper_t amavisd_quarantine_t:file getattr;
+allow tmpreaper_t amavisd_quarantine_t:dir create_dir_perms;
+allow tmpreaper_t amavisd_quarantine_t:file link_file_perms;
 ')

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]