[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

RE: httpd can't send mails

From: "David Caplan" <dac tresys com>
To: "Shintaro Fujiwara" <shin216 xf7 so-net ne jp>, "fedora-selinux-list" <fedora-selinux-list redhat com>
Cc:
Subject: RE: httpd can't send mails
Date: Tue, 3 Jul 2007 09:10:56 -0400

Hi,

> -----Original Message-----
> From: fedora-selinux-list-bounces redhat com
[mailto:fedora-selinux-list-
> bounces redhat com] On Behalf Of Shintaro Fujiwara
> Sent: Monday, July 02, 2007 2:48 PM
> To: fedora-selinux-list
> Subject: Re: httpd can't send mails
> 
> 
> If you using postfix, here's what I did.
> I made interface for postfix.
> 
> ########################################
> ## <summary>
> ##      for xoops sending mail from postfix.
> ## </summary>
> ## <param name="domain">
> ##      Domain allowed to sending mails.
> ## </param>
> #
> 
> interface(`xoops_send_mail_by_postfix',`
>         gen_require(`
>                 type bin_t;
>                 type smtp_port_t;
>                 type sendmail_exec_t;
>         ')
>         allow $1 bin_t:dir search;
>         allow $1 smtp_port_t:tcp_socket { name_connect send_msg
> recv_msg };
>         allow $1 sendmail_exec_t:file { execute execute_no_trans
getattr
> read };
> ')
> 

If you have the full reference policy source you should use defined
interfaces instead of breaking encapsulation of the types. For example,
you can rewrite your interface without any requires as:

interface(`xoops_send_mail_by_postfix',`

        corecmd_search_bin($1)

        corenet_tcp_connect_smtp_port($1)
        corenet_tcp_sendrecv_smtp_port($1)

        mta_exec($1)
')

David

Follow-Ups:
- RE: httpd can't send mails
  - From: Shintaro Fujiwara

References:
- Re: httpd can't send mails
  - From: Shintaro Fujiwara

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]