[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Updates to amavisd [patch]



On Friday 15 April 2005 07:35, David Hampton <hampton-rh rainbolthampton net> 
wrote:
> The attached patch updates the (unused) amavisd policy to work with the
> changes in the FC strict/1.23.10-2 policy.  It also fixes the access
> needed by tmpreaper to delete files from the caught spam/virus
> directory.

+allow initrc_t amavisd_etc_t:file read;
Generally it's a bad idea to grant read access without getattr.

@@ -120,6 +122,6 @@

 # Tmp reaper
 ifdef(`tmpreaper.te', `
-allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr 
unlink
 };
-allow tmpreaper_t amavisd_quarantine_t:file getattr;
+allow tmpreaper_t amavisd_quarantine_t:dir create_dir_perms;
+allow tmpreaper_t amavisd_quarantine_t:file link_file_perms;
 ')

tmpreaper_t shouldn't be creating directories.  For the file access { getattr 
unlink } should be sufficient.

The following should do:
allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink };
allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]