From: martin@martinorr.name (Martin Orr)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] services_amavis.patch
Date: Thu, 25 Sep 2008 13:19:02 +0100
Message-ID: <48DB81B6.6060906@martinorr.name>
In-Reply-To: <200809251719.10269.russell@coker.com.au>

On 25/09/08 08:19, Russell Coker wrote:
> On Thursday 25 September 2008 06:52, Daniel J Walsh <dwalsh@redhat.com> wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_amavis.patch
>>
>> Add initrc script support
> 
> How much success are people having with the policy that has Amavis and ClamAV 
> in different domains?

Well I run amavis and clamav in separate domains (with Courier as MTA, so
that may be different from using exim/postfix), and the only extra rule I
need for clamav is:
read_files_pattern(clamd_t, courier_spool_t, courier_spool_t)
(I have a bunch more rules for amavisd to talk to Courier, but then my
Courier policy is entirely home-grown.)

> The CentOS servers that I run have Amavis and ClamAV running unconfined 
> because getting the policy to work was too difficult (the two daemons 
> interact with each other a lot, trying to keep them separate is a lost 
> cause).

How do they interact with each other beyond communicating by a socket and
clamd reading amavis spool files?

And people might want to use clamav to scan things other than mail, or to
use a commercial AV scanner with amavis (of course in the latter case, they
would have to write policy for the AV scanner themselves).

Best wishes,

-- 
Martin Orr
