Hi Vadym,
On 19/07/09 04:35, Vadym Chepkov wrote:
I have a script, executed by apache, which is running in
httpd_svn_script_t domain. This script calls svn-mailer(bin_t) which in turns calls
/usr/sbin/sendmail.sendmail(sendmail_exec_t) and since there is no transition defined,
sendmail still runs in httpd_svn_script_t and I get humongous amount of avc's. What
would be the proper rule to add to the local policy to make sendmail running in the proper
domain, sendmail_t?
And for that matter if httpd_can_sendmail --> on, shouldn't it be happening
automatically? Thank you.
Sincerely yours,
Vadym Chepkov
I'm just back off vacation and saw your email. Funnily enough I wrote an
svnmailer policy a few weeks ago, so it would be interesting to compare
notes:
I've actually split it into two modules, svnmailer for the policy
itself, and svnmailer-extras for additional interfaces needed in other
policy modules. I find this arrangement is easier to manage when getting
policy merged upstream.
I made my hook scripts httpd_sys_script_exec_t and transition from there
to httpd_svnmailer_script_t via a domtrans. The svn repository itself is
httpd_sys_content_rw_t.
Paul.