[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Please help getting a policy to compile with mta_send_mail()

From: Stephen Smalley <sds tycho nsa gov>
To: Edward Kuns <ekuns kilroy chi il us>
Cc: fedora-selinux-list redhat com
Subject: Re: Please help getting a policy to compile with mta_send_mail()
Date: Thu, 06 Mar 2008 08:24:33 -0500

On Wed, 2008-03-05 at 22:38 -0600, Edward Kuns wrote:
> I know I must be doing something wrong, but hours and hours of googling
> have not turned up any help.  The following is in myclamav.te:
> 
> module myclamav 1.0;
> 
> require {
> 	type shell_exec_t;
> 	type sendmail_exec_t;
> 	type bin_t;
> 	type clamd_t;
> 	class dir search;
> 	class file { execute getattr };
> }
> 
> mta_send_mail(clamd_t);
> 
> #============= clamd_t ==============
> allow clamd_t bin_t:dir search;
> allow clamd_t sendmail_exec_t:file { execute getattr };
> allow clamd_t shell_exec_t:file getattr;
> 
> 
> As root, I run:
> 
> checkmodule -m myclamav.te 

When building policy modules that use refpolicy interfaces, you need to
use the refpolicy build infrastructure.  yum install
selinux-policy-devel and make -f /usr/share/selinux/devel/Makefile
myclamav.pp.

-- 
Stephen Smalley
National Security Agency

References:
- Please help getting a policy to compile with mta_send_mail()
  - From: Edward Kuns

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]