sendmail+greylist-milter problem
Russell Coker
russell at coker.com.au
Sun Dec 25 13:35:43 UTC 2005
On Monday 26 December 2005 00:57, Alexey Tarasov <glorg at bk.ru> wrote:
> But I've noticed some moments in patch:
> ---
> +/var/lib/milter-greylist(/.*)? system_u:object_r:mta_filter_var_lib_t:s0
> +/var/lib/milter-greylist/run/milter-greylist.sock -s
> system_u:object_r:mta_filter_var_run_t:s0 +/usr/sbin/milter-greylist --
> system_u:object_r:mta_filter_exec_t:s0 ---
> By default (make, make install), $DESTDIR is not set, so Makefile from
> milter-greylist 2.0.2
>
> ${INSTALL} -d -m 755 -o ${USER} ${DESTDIR}/var/milter-greylist
>
> create db and stuff dir /var/milter-greylist, not /var/lib/milter-greylist
/var/lib is a more appropriate location and is the location used in the Fedora
Extras package (which is what I'm supporting with my policy).
Also the socket file belongs under /var/run according to my interpretation of
the FHS, I've added an update to a bugzilla entry for the milter-greylist
package with this suggestion.
> Default locations, defined in greylist.conf, are:
>
> #pidfile "/var/run/milter-greylist.pid"
> #socket "/var/milter-greylist/milter-greylist.sock"
> #dumpfile "/var/milter-greylist/greylist.db"
Good point about the pid file, that's something I forgot. I've updated the
policy on my test machine, next time I release a patch I'll include it.
> Also, executable milter_greylist placed to /usr/local/sbin:
Policy that we release will always be for programs that are packaged as RPMs,
such programs will be under (/usr)?/s?bin not under /usr/local.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list