Postfix/mailman problem
Daniel J Walsh
dwalsh at redhat.com
Sat Mar 11 12:47:37 UTC 2006
Eric Smith wrote:
> Ivan wrote:
>
>> Yes. It seems like it's currently able to run shells (shell_exec_t).
>> Doesn't appear like it can run python (bin_t).
>>
>
> Hmmm... maybe Python should be considered a shell? From the POV of
> SELinux policy, is the defining characteristic of a shell that it is
> interactive, or that it runs scripts? I notice that the bash has
> shell_exec_t, which csh has only bin_t.
>
>
>> Also, I think enumerating what can be run in the postfix policy is not a
>> very good idea - should have a macro instead, to be called by client
>> domains. The macro would go into postfix.if.
>>
>
> Sure, but my immediate goal is to find the simplest way to change it
> such that I can turn enforcing back on again on my server. While it
> would be great to do it in a correct and elegant manner, I think it's
> going to be a while before I understand this stuff well enough to do
> that.
>
> Eric
>
>
Changes in latest policy 2.2.23-15 should allow postfix to communicate
with mailman_queue_exec_t
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
More information about the fedora-selinux-list
mailing list