-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
domg472 g472 wrote:
Hello,
With regard to procmail, i think your policy is missing a domain
transition to spamassassin.
A custom policy looking something like the following may or may not
fix that issue:
mkdir ~/myprocmail; cd ~/myprocmail;
echo "policy_module(myprocmail, 0.0.1)" > myprocmail.te;
echo "require { type procmail_t; }" >> myprocmail.te;
echo "optional_policy(`" >> myprocmail.te;
echo "spamassassin_domtrans_spamc(procmail_t)" >> myprocmail.te;
echo "')" >> myprocmail.te;
make -f /usr/share/selinux/devel/Makefile
/usr/sbin/semodule -i myprocmail.pp
With regard to webalizer it looks like webalizer is searching
something in a "bin" directory.
If you want you can allow this.
mkdir ~/mywebalizer; cd ~mywebalizer;
echo "policy_module(mywebalizer, 0.0.1)" > mywebalizer.te;
echo "require { type webalizer_t; }" >> mywebalizer.te;
echo "corecmd_search_bin(webalizer_t)" >> mywebalizer.te;
make -f /usr/share/selinux/devel/Makefile
/usr/sbin/semodule -i mywebalizer.pp
It may be that both procmail and webalizer domains need more access
after this, but you will notice that if this is the case.
P.s. You may or may not need to escape some of the characters in my example.
Hth,
Dominick
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list Fedora 10 and Rawhide
have a domtrans to spamc, but RHEL5 looks like it
only able to execute spamc without a transition.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iEYEARECAAYFAklrdkEACgkQrlYvE4MpobNI8ACfRAv7WPFed5YrOQT15aFHIdlZ
tusAn0jeucaL0XurCwzab9hChLT/eEA/
=k4Pd
-----END PGP SIGNATURE-----