postfix, procmail and SELinux - No Go
Daniel J Walsh
dwalsh at redhat.com
Wed Jun 21 14:23:59 UTC 2006
Paul Howarth wrote:
> On Tue, 2006-06-20 at 17:35 -0400, Daniel J Walsh wrote:
>
>> Ok if you guys have this all working, I would like to grab your policy
>> modules and merge them so upstream can get them.
>>
>
> It's not ready yet.
>
> Firstly, there are a bunch of things currently allowed by the policy
> that we don't yet understand (such as why the postfix master program
> wants to read the attributes of one of its own manpages). I'd like to
> know what, if anything, breaks if these curious things are not allowed.
>
> Secondly, I think that clamassassin needs its own domain. Currently it
> starts running in the procmail domain, makes a temp file of the message
> to be scanned (which will be procmail_tmp_t) and then has clamscan scan
> the file (so clamscan needs to be able to read procmail_tmp_t files). If
> clamassassin had its own domain, the temp file could be written as
> clamscan_tmp_t, which would be much better.
>
> Paul.
>
>
OK when you have it working the way you want we can merge it in.
More information about the fedora-selinux-list
mailing list