I haven't worked on the postfix pipe policy, but it seems like
the only
thing it can execute at the moment is procmail.
How is that determined? I can't find a single reference to procmail
anywhere in the SELinux targeted configuration, and procmail doesn't
seem to have any special context:
# ls --lcontext /usr/bin/procmail
-rwxr-xr-x 1 system_u:object_r:bin_t root mail 100680 Mar 18
2005 /usr/bin/procmail
I would say:
- the type mailman_queue_exec_t looks wrong for that file - how did it
get this type?
I'm not sure, actually. Should it just be system_u:object_r:bin_t?
- the file /usr/lib/mailman/mail (which your script runs) appears to
be
a SGID executable to group mailman which runs other [mailman] programs.
It has type lib_t, which is incorrect. I think whatever regexps are
currently used in policy are overly generic, and misclassify lots of
things as lib_t.
Should I change its context to system_u:object_r:bin_t?
In the short run, maybe a macro can be added to postfix that takes a
domain and allows postfix_pipe to run that.
Makes sense. I don't have any idea how to do it, though perhaps I can
find time this weekend to study the O'Reilly book more.
Thanks!
Eric