postfix, procmail and SELinux - No Go

Daniel J Walsh dwalsh at redhat.com
Wed Jun 21 14:23:59 UTC 2006


Paul Howarth wrote:
> On Tue, 2006-06-20 at 17:35 -0400, Daniel J Walsh wrote:
>   
>> OK, if you guys have this all working, I would like to grab your policy
>> modules and merge them so upstream can get them.
>>     
>
> It's not ready yet.
>
> Firstly, there are a bunch of things currently allowed by the policy
> that we don't yet understand (such as why the postfix master program
> wants to read the attributes of one of its own manpages). I'd like to
> know what, if anything, breaks if these curious things are not allowed.
>
> Secondly, I think that clamassassin needs its own domain. Currently it
> starts running in the procmail domain, makes a temp file of the message
> to be scanned (which will be procmail_tmp_t) and then has clamscan scan
> the file (so clamscan needs to be able to read procmail_tmp_t files). If
> clamassassin had its own domain, the temp file could be written as
> clamscan_tmp_t, which would be much better.
>
> Paul.
>
>   
OK, when you have it working the way you want, we can merge it in.



