* postfix policy
@ 2003-08-09 14:26 Carsten Grohmann
0 siblings, 0 replies; only message in thread
From: Carsten Grohmann @ 2003-08-09 14:26 UTC (permalink / raw)
To: Russell Coker; +Cc: SELinux
[-- Attachment #1: Type: text/plain, Size: 200 bytes --]
Hi Russel,
some systems have /usr/lib/sendmail as an link to
/usr/sbin/sendmail. The attached patch contains the changes.
Would you like to add it to your postfix policy?
Greetings
Carsten
[-- Attachment #2: postfix.diff --]
[-- Type: text/x-diff, Size: 1045 bytes --]
--- mta.orig.fc 2003-03-14 21:08:47.000000000 +0100
+++ mta.fc 2003-08-09 16:20:19.000000000 +0200
@@ -1,5 +1,6 @@
# types for general mail servers
/usr/sbin/sendmail(.sendmail)? system_u:object_r:sendmail_exec_t
+/usr/lib/sendmail system_u:object_r:sendmail_exec_t
/etc/aliases system_u:object_r:etc_aliases_t
/etc/aliases\.db system_u:object_r:etc_aliases_t
/var/spool/mail(/.*)? system_u:object_r:mail_spool_t
--- postfix.orig.te 2003-07-29 21:15:09.000000000 +0200
+++ postfix.te 2003-08-09 16:22:04.000000000 +0200
@@ -75,6 +75,7 @@
allow postfix_master_t sysctl_kernel_t:file r_file_perms;
allow postfix_master_t self:fifo_file rw_file_perms;
allow postfix_master_t usr_t:file r_file_perms;
+allow postfix_master_t sendmail_exec_t:lnk_file { read };
can_exec(postfix_master_t, { shell_exec_t bin_t postfix_exec_t })
# chown is to set the correct ownership of queue dirs
allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service };
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2003-08-09 14:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-08-09 14:26 postfix policy Carsten Grohmann
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.