Re: procmail with nfs home dirs

Matthew Gillen wrote:
I'm new to SELinux, and I was having some problems with procmail not working
correctly for me with NFS (via NIS-based autofs) home directories on FC5.

There seemed to be a discussion about a similar issue a while back:
but the solutions there didn't solve my problem.

In any event, I managed to get it working for myself using the following
policy module.  The 'autofs_t:dir search' part seemed to be needed to find
my .procmailrc file, and the rest looks like it is needed to write messages
into my maildirs under $HOME/Mail/

If anyone has suggestions on how to improve this I'd be happy to hear them.

module procmailnfs 1.0;

require {
        class dir { getattr search write };
        class file { append getattr read };
        type autofs_t;
        type default_t;
        type procmail_t;
        role system_r;

allow procmail_t autofs_t:dir search;
allow procmail_t default_t:dir { getattr search write };
allow procmail_t default_t:file { append getattr read };

A couple of things:

1. I'm surprised you're getting default_t as the type; NFS directories here are nfs_t

2. I'd wrap the parts needed for NFS home directories with a conditional based on the state of the use_nfs_home_dirs boolean, as for instance happens in the xserver policy:



