[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Denials from spamc and webalizer on Centos 5.2

From: "domg472 g472" <domg472 gmail com>
To: rchapman aardvark com au
Cc: fedora-selinux-list redhat com
Subject: Re: Denials from spamc and webalizer on Centos 5.2
Date: Mon, 12 Jan 2009 13:44:48 +0100

Hello,

With regard to procmail, i think your policy is missing a domain
transition to spamassassin.

A custom policy looking something like the following may or may not
fix that issue:

mkdir ~/myprocmail; cd ~/myprocmail;
echo "policy_module(myprocmail, 0.0.1)" > myprocmail.te;
echo "require { type procmail_t; }" >> myprocmail.te;
echo "optional_policy(`" >> myprocmail.te;
echo "spamassassin_domtrans_spamc(procmail_t)" >> myprocmail.te;
echo "')" >> myprocmail.te;

make -f /usr/share/selinux/devel/Makefile
/usr/sbin/semodule -i myprocmail.pp

With regard to webalizer it looks like webalizer is searching
something in a "bin" directory.
If you want you can allow this.

mkdir ~/mywebalizer; cd ~mywebalizer;
echo "policy_module(mywebalizer, 0.0.1)" > mywebalizer.te;
echo "require { type webalizer_t; }" >> mywebalizer.te;
echo "corecmd_search_bin(webalizer_t)" >> mywebalizer.te;

make -f /usr/share/selinux/devel/Makefile
/usr/sbin/semodule -i  mywebalizer.pp

It may be that both procmail and webalizer domains need more access
after this, but you will notice that if this is the case.

P.s. You may or may not need to escape some of the characters in my example.

Hth,
Dominick

Follow-Ups:
- Re: Denials from spamc and webalizer on Centos 5.2
  - From: Daniel J Walsh
- Re: Denials from spamc and webalizer on Centos 5.2
  - From: Richard Chapman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]