New policy for Pop-before-smtp daemon

Russell Coker russell at coker.com.au
Thu Apr 21 15:04:42 UTC 2005


On Thursday 17 March 2005 00:19, David Hampton <hampton at employees.org> wrote:
> Here's a new policy to support the pop-before-smtp daemon from
> http://people.FreeBSD.org/~sheldonh/popb4smtp-nodb.tar.gz .  I'd
> appreciate any feedback on these files or tips on how to write better
> policies.  Thanks.

All policy that you publish should use the proper locations of files as used
in packaged software.  /usr/local is only for things that the administrator
compiles themselves and generally shouldn't appear in .fc files.

daemon_domain() has the domain_auto_trans() rule to allow running from 
initrc_t.

This daemon does not need two domains; just give it one. Things will be a lot
easier and no less secure.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pop.diff
Type: text/x-diff
Size: 992 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20050422/7be2dead/attachment.bin 

