Does SETroubleshoot speak to SEBool?
Arthur Dent
selinux.list at troodos.demon.co.uk
Mon Feb 2 18:46:14 UTC 2009
On Mon, Feb 02, 2009 at 07:01:16PM +0100, Dominick Grift wrote:
> On second thought, no. I do not think spamd_t has access to
> user_pyzor_home_t.
>
> sesearch --allow -s spamd_t | grep home | less
>
> so i guess your custom module fixes that. consider filing a bug report
> for this issue.
Thanks for your help. I have not yet altered my new local policy, but I
thought I would try a reboot to see if that had any affect...
Oh boy! A whole raft of denials...
This is the audit2allow result of this recent batch. It seems quite a
lot to me!
require {
type user_pyzor_home_t;
type admin_home_t;
type spamd_t;
type procmail_t;
class dir { read write add_name remove_name };
class file { read create ioctl write getattr unlink append };
}
#============= procmail_t ==============
init_stream_connect_script(procmail_t)
#============= spamd_t ==============
allow spamd_t admin_home_t:dir { read write add_name remove_name };
allow spamd_t admin_home_t:file { write getattr read create unlink ioctl
append };
allow spamd_t user_pyzor_home_t:file { read getattr };
userdom_read_sysadm_home_content_files(spamd_t)
What do you think?
Thanks again
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090202/26e1f4f3/attachment.sig>
More information about the fedora-selinux-list
mailing list