Adding two new booleans to httpd to tighten its security.

Nicolas Mailhot nicolas.mailhot at laposte.net
Mon Dec 12 20:06:00 UTC 2005


On Mon 12 December 2005 20:27, Christopher J. PeBenito wrote:
> On Sat, 2005-12-10 at 20:08 +0100, Nicolas Mailhot wrote:
>> How about having selinux play nice with spamassassin at last ?
>>
>> It's still not able to create resolver sockets
>> "Error creating a DNS resolver socket"
>
> This is fixed upstream.

I think it is in spamd context but not in procmail context.

>> or writing in its own files
>>
>> cannot create tmp lockfile ~/.spamassassin/bayes.lock.xxx
>> cannot write to ~/.spamassassin/user_pref
>
> You didn't say what the denial was.

A lot of traces were attached in Red Hat Bugzilla entries.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172088
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172496

They no longer appear in audit.log - I suspect /homes accesses are now
filtered by default
(when the problem was first reported a few weeks ago they did appear as AVCs)

The tricky bit is most of them are executed for the home user, but in
procmail context.

Regards,

-- 
Nicolas Mailhot
