From: Daniel J Walsh <dwalsh@redhat.com>
To: russell@coker.com.au,
	"Fedora SELinux support list for users & developers."
	<fedora-selinux-list@redhat.com>
Cc: David Hampton <hampton-rh@rainbolthampton.net>, selinux@tycho.nsa.gov
Subject: Re: Tweaks to the amavis policy
Date: Fri, 22 Apr 2005 07:08:15 -0400
Message-ID: <4268DB1F.80409@redhat.com>
In-Reply-To: <200504221819.49152.russell@coker.com.au>

Russell Coker wrote:

>On Thursday 17 March 2005 00:18, David Hampton 
><hampton-rh@rainbolthampton.net> wrote:
>  
>
>>I've added support to the (unused) amavis policy to allow interaction
>>with additional mail filters, and added a new type specifically for
>>quarantined spam and viruses.  I also tweaked the network access to
>>limit ports that can be used by amavisd.  I'd appreciate any feedback on
>>these changes or tips on how to write better policies.  Thanks.
>>    
>>
>
>+# Tmp reaper
>+ifdef(`tmpreaper.te', `
>+allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr 
>unlink };
>+allow tmpreaper_t amavisd_quarantine_t:file getattr;
>+')
>
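Review bot: The file rule at the end of this ifdef block grants tmpreaper_t only getattr on amavisd_quarantine_t files, so the reaper can stat quarantined items but never delete them; add unlink to that rule. In the dir rule above it, write and remove_name are missing, and both are needed to remove an entry from the directory, while setattr is granted with no use visible in this hunk; replacing the hand-written set with rw_dir_perms and dropping setattr would cover it.
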
>tmpreaper_t should not need setattr access to the directory.
>
>To perform any useful function tmpreaper_t will need read/write access to the 
>directory and unlink access to the file such as the following:
>
>allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink };
>allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };
>
>  
>
Why not add the attribute tmpfile to amavisd_quarantine_t and you get 
this for free.

Dan
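
The permission gap discussed in the quoted review can be checked mechanically. The Python sketch below is an added example, not part of the original message or of the policy sources; it compares the two rule sets from the thread against the permissions a delete needs. The `rw_dir_perms` expansion, the required-permission table and the helper names are assumptions made for this illustration.

```python
import re

# Assumption: expansion of rw_dir_perms as defined in the example policy's
# macros of that period; verify against your own policy sources.
MACROS = {"rw_dir_perms": "read getattr lock search ioctl add_name remove_name write"}

# Assumption: permissions checked when a process unlinks a file, namely
# write/search/remove_name on the parent directory and unlink on the file.
NEEDED = {"dir": {"write", "search", "remove_name"}, "file": {"unlink"}}

RULE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;")

def granted(policy, source, target):
    """Return {class: set(perms)} that `policy` grants source on target."""
    perms = {}
    for src, tgt, cls, body in RULE.findall(policy):
        if (src, tgt) != (source, target):
            continue
        for word in body.strip("{}").split():
            perms.setdefault(cls, set()).update(MACROS.get(word, word).split())
    return perms

def missing_for_delete(policy, source, target):
    """Return {class: sorted missing perms}; an empty dict means delete works."""
    have = granted(policy, source, target)
    gaps = {}
    for cls, need in NEEDED.items():
        lack = need - have.get(cls, set())
        if lack:
            gaps[cls] = sorted(lack)
    return gaps

# The two rule sets from the thread, re-joined where the mail client wrapped them.
ORIGINAL = """
allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr unlink };
allow tmpreaper_t amavisd_quarantine_t:file getattr;
"""
SUGGESTED = """
allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink };
allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };
"""

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, missing_for_delete(text, "tmpreaper_t", "amavisd_quarantine_t"))
```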
