chepkov at yahoo.com
Mon Aug 3 13:31:31 UTC 2009
I filed bugzilla report about it, https://bugzilla.redhat.com/show_bug.cgi?id=509644
--- On Sun, 8/2/09, Scott Radvan <sradvan at redhat.com> wrote:
> From: Scott Radvan <sradvan at redhat.com>
> Subject: spamassassin transition
> To: fedora-selinux-list at redhat.com
> Date: Sunday, August 2, 2009, 8:20 PM
> Working on the Postfix chapter in my SELinux managing
> confined services
> book  and am having trouble with Postfix/spamassassin.
> I have got email traversing back and forth just fine, but I
> am trying to
> invoke a denial or a problem for which I can document the
> spamassassin_can_network seems to be a good Boolean to
> explain, show
> the denial and then show the work-around for.
> This Boolean is off by default, which as far as I can tell
> would stop
> spamassassin from launching as a daemon listening on the
> actual IP/interface.
> But my problem is that it is launching without a problem
> and listening
> on the machine's interface without error. I am assuming
> that it is
> working fine because the spamassassin processes are only
> launching as
> initrc_t, when it should be transitioning to something
> # ps -eZ | grep spamd
> unconfined_u:system_r:initrc_t:s0 3085 ?
> 00:00:01 spamd
> unconfined_u:system_r:initrc_t:s0 3087 ?
> 00:00:00 spamd
> unconfined_u:system_r:initrc_t:s0 3088 ?
> 00:00:00 spamd
> # ls -lZ /etc/init.d/spamassassin
> (I tried labelling this differently to this default
> setting, to
> spamd_initrc_exec_t, but to no avail.)
> # getsebool -a | grep spam
> spamassassin_can_network --> off
> spamd_enable_home_dirs --> on
> Basically I need to make sure spamassassin is starting
> normally so that
> the Boolean mentioned will block access. So any help is
> should spamassassin as a daemon transition to something
> other than
> initrc_t? And how do I get it to do so?
> Or am I going down the wrong track to get this Boolean
> which is off by
> default to do something which I can demonstrate and fix?
> Thank you,
> Scott Radvan
> Content Author, Platform (Installation and Deployment)
> Red Hat Asia Pacific (Brisbane) http://www.apac.redhat.com
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
More information about the fedora-selinux-list