SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: Tweaks to the amavis policy This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Daniel J Walsh <dwalsh_at_redhat.com> Date: Fri, 22 Apr 2005 07:08:15 -0400 Russell Coker wrote: >On Thursday 17 March 2005 00:18, David Hampton ><hampton-rh@rainbolthampton.net> wrote: > > >>I've added support to the (unused) amavis policy to allow interaction >>with additional mail filters, and added a new type specifically for >>quarantined spam and viruses. I also tweaked the network access to >>limit ports that can be used by amavisd. I'd appreciate any feedback on >>these changes or tips on how to write better policies. Thanks. >> >> > >+# Tmp reaper >+ifdef(`tmpreaper.te', ` >+allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr >unlink }; >+allow tmpreaper_t amavisd_quarantine_t:file getattr; >+') > >tmpreaper_t should not need setattr access to the directory. > >To perform any useful function tmpreaper_t will need read/write access to the >directory and unlink access to the file such as the following: > >allow tmpreaper_t amavisd_quarantine_t:dir { rw_dir_perms unlink }; >allow tmpreaper_t amavisd_quarantine_t:file { getattr unlink }; > > > Why not add the attribute tmpfile to amavisd_quarantine_t and you get this for free. Dan -- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Fri 22 Apr 2005 - 07:21:01 EDT This message: [ Message body ] Next message: Joshua Brindle: "Re: policy hierarchy patch" Previous message: Russell Coker: "Re: This weeks diffs" In reply to: Russell Coker: "Re: Tweaks to the amavis policy" Next in thread: Russell Coker: "Re: Tweaks to the amavis policy" Reply: Russell Coker: "Re: Tweaks to the amavis policy" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom