Please review allow rules

Charles A. Crayne ccrayne at
Tue Aug 22 02:20:10 UTC 2006

The following rule were created by audit2allow to enable my server to
operate denial messages. If some kind sole would glance over them to see
if they raise any red flags, I would appreciate it.

allow fetchmail_t user_home_t:file { getattr ioctl read };
allow httpd_sys_script_t user_home_t:dir { getattr read remove_name rmdir
 search write }; 
allow httpd_sys_script_t user_home_t:file { append execute
 execute_no_trans getattr ioctl read unlink }; 
allow httpd_t snmpd_var_lib_t:file { getattr read }; 
allow httpd_t system_dbusd_var_run_t:dir { getattr read }; 
allow innd_t file_t:file { getattr ioctl read write }; 
allow innd_t home_root_t:dir search;
allow innd_t tmp_t:dir search;
allow innd_t user_home_t:file { getattr read };
allow procmail_t inaddr_any_node_t:tcp_socket node_bind;
allow procmail_t innd_etc_t:dir search;
allow procmail_t innd_etc_t:file read;
allow procmail_t innd_exec_t:file { execute execute_no_trans read };
allow procmail_t innd_port_t:tcp_socket name_connect;
allow procmail_t ls_exec_t:file { execute execute_no_trans getattr read };
allow procmail_t procmail_exec_t:file execute_no_trans;
allow procmail_t pyzor_exec_t:file { execute execute_no_trans getattr
 ioctl read }; 
allow procmail_t razor_port_t:tcp_socket name_connect;
allow procmail_t smtp_port_t:tcp_socket name_connect;
allow procmail_t tmp_t:dir { add_name create read remove_name rmdir search
 write }; 
allow procmail_t tmp_t:file { create getattr ioctl read unlink
 write }; 
allow procmail_t user_home_t:file { execute execute_no_trans };
allow spamd_t pyzor_exec_t:file { execute execute_no_trans getattr ioctl
 read }; 
allow spamd_t user_home_dir_t:dir read;
allow spamd_t user_home_dir_t:file { append getattr ioctl read };
allow xfs_t default_t:dir search;
allow xfs_t default_t:file { getattr read };

-- Chuck

More information about the fedora-selinux-list mailing list