[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: New policy for pyzor



On Tuesday 22 March 2005 12:23, David Hampton <hampton-rh rainbolthampton net> 
wrote:
> This is a new strict policy for the pyzor spam filter.  It is based on
> the selinux-policy-strict-sources-1.23.2-1 fedora RPM.  This policy
> requires the definition of a pyzor reserved port that was in the
> net_contexts diff I sent last Wednesday.  Please let me know if there
> are any problems with or changes needed to this policy.

Attached a patch to allow it to work from console logins.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
--- pyzor_macros.te.old	2005-04-22 01:06:30.000000000 +1000
+++ pyzor_macros.te	2005-04-22 01:07:38.000000000 +1000
@@ -63,6 +63,6 @@
 
 # Allow pyzor to be run by hand.  Needed by any action other than
 # invocation from a spam filter.
-allow $1_pyzor_t $1_devpts_t:chr_file rw_file_perms;
-allow $1_pyzor_t sshd_t:fd use;
+allow $1_pyzor_t { $1_devpts_t $1_tty_device_t }:chr_file rw_file_perms;
+allow $1_pyzor_t privfd:fd use;
 ')

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]