razor policy
Vadym Chepkov
vchepkov at gmail.com
Fri Dec 24 17:01:51 UTC 2010
Hi,
It seems for some reason selinux-targeted policy on Fedora doesn't install razor policy and, furthermore, removes it if razor module was installed.
I guess it is done for simplicity, to have just one "spam" domain. But, somehow the proper labeling was forgotten:
selinux-policy-targeted-3.9.7-18.fc14.noarch
# ls -Z /usr/bin/razor-*
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-admin
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-check
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-client
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-report
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-revoke
# ls -dZ /home/vchepkov/.razor
drwxr-xr-x. vchepkov users unconfined_u:object_r:user_home_t:s0 /home/vchepkov/.razor
# ls -dZ /root/.razor
drwxr-xr-x. root root system_u:object_r:admin_home_t:s0 /root/.razor
Vadym
P.S. On related note, how do $HOME files get their labeling?
# semanage fcontext -l|grep pyzor
has reference only to
/root/\.pyzor(/.*)? all files system_u:object_r:pyzor_home_t:s0
but, directory gets proper labeling:
# ls -dZ /home/vchepkov/.pyzor
drwx------. vchepkov users unconfined_u:object_r:spamc_home_t:s0 /home/vchepkov/.pyzor
More information about the selinux
mailing list