Postfix/mailman problem

Eric Smith eric at brouhaha.com
Fri Mar 3 17:38:43 UTC 2006


Ivan wrote:
> Yes. It seems like it's currently able to run shells (shell_exec_t).
> Doesn't appear like it can run python (bin_t).

Hmmm...  maybe Python should be considered a shell?  From the POV of
SELinux policy, is the defining characteristic of a shell that it is
interactive, or that it runs scripts?  I notice that bash has
shell_exec_t, while csh has only bin_t.

> Also, I think enumerating what can be run in the postfix policy is not a
> very good idea - should have a macro instead, to be called by client
> domains. The macro would go into postfix.if.

Sure, but my immediate goal is to find the simplest way to change it
such that I can turn enforcing back on again on my server.  While it
would be great to do it in a correct and elegant manner, I think it's
going to be a while before I understand this stuff well enough to do
that.

Eric



