
Re: Tweaks to the amavis policy



Russell Coker wrote:

On Thursday 17 March 2005 00:18, David Hampton <hampton-rh rainbolthampton net> wrote:


I've added support to the (unused) amavis policy to allow interaction
with additional mail filters, and added a new type specifically for
quarantined spam and viruses. I also tweaked the network access to
limit ports that can be used by amavisd. I'd appreciate any feedback on
these changes or tips on how to write better policies. Thanks.



+# Tmp reaper
+ifdef(`tmpreaper.te', `
+allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr unlink };
+allow tmpreaper_t amavisd_quarantine_t:file getattr;
+')
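
Review bot: the rule on amavisd_quarantine_t:file grants only getattr, so tmpreaper_t can stat quarantined messages but cannot delete them; it needs unlink on the file class as well. On the directory rule, removing an entry requires write and remove_name on the directory, and neither is in { read search getattr setattr unlink }; setattr is not needed for reaping, and unlink on the dir class does not stand in for remove_name. Suggest dropping setattr, adding write and remove_name to the dir rule, and adding unlink to the file rule.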


tmpreaper_t should not need setattr access to the directory.

To perform any useful function tmpreaper_t will need read/write access to the directory and unlink access to the file such as the following:

allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink };
allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };



Why not add the attribute tmpfile to amavisd_quarantine_t and you get this for free.

Dan

--


