Tweaks to the amavis policy
Daniel J Walsh
dwalsh at redhat.com
Fri Apr 22 11:08:15 UTC 2005
Russell Coker wrote:
>On Thursday 17 March 2005 00:18, David Hampton
><hampton-rh at rainbolthampton.net> wrote:
>
>
>>I've added support to the (unused) amavis policy to allow interaction
>>with additional mail filters, and added a new type specifically for
>>quarantined spam and viruses. I also tweaked the network access to
>>limit ports that can be used by amavisd. I'd appreciate any feedback on
>>these changes or tips on how to write better policies. Thanks.
>>
>>
>
>+# Tmp reaper
>+ifdef(`tmpreaper.te', `
>+allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr
>unlink };
>+allow tmpreaper_t amavisd_quarantine_t:file getattr;
>+')
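
Review bot: the file rule grants tmpreaper_t only getattr on amavisd_quarantine_t:file, so it can stat quarantined messages but never delete them; add unlink to that rule. On the dir rule, removing an entry needs write and remove_name on the directory, which the set { read search getattr setattr unlink } does not contain, and setattr has no evident use for a reaper, so drop it to keep the grant minimal.
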
>
>tmpreaper_t should not need setattr access to the directory.
>
>To perform any useful function tmpreaper_t will need read/write access to the
>directory and unlink access to the file such as the following:
>
>allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink };
>allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink };
>
>
>
Why not add the attribute tmpfile to amavisd_quarantine_t and you get
this for free.
Dan