Denials from spamc and webalizer on Centos 5.2

Daniel J Walsh dwalsh at redhat.com
Mon Jan 12 16:56:33 UTC 2009


domg472 g472 wrote:
> Hello,
> 
> With regard to procmail, I think your policy is missing a domain
> transition to spamassassin.
> 
> A custom policy looking something like the following may or may not
> fix that issue:
> 
> mkdir ~/myprocmail; cd ~/myprocmail;
> echo "policy_module(myprocmail, 0.0.1)" > myprocmail.te;
> echo "require { type procmail_t; }" >> myprocmail.te;
> echo "optional_policy(\`" >> myprocmail.te;
> echo "spamassassin_domtrans_spamc(procmail_t)" >> myprocmail.te;
> echo "')" >> myprocmail.te;
> 
> make -f /usr/share/selinux/devel/Makefile
> /usr/sbin/semodule -i myprocmail.pp
> 
> With regard to webalizer it looks like webalizer is searching
> something in a "bin" directory.
> If you want you can allow this.
> 
> mkdir ~/mywebalizer; cd ~/mywebalizer;
> echo "policy_module(mywebalizer, 0.0.1)" > mywebalizer.te;
> echo "require { type webalizer_t; }" >> mywebalizer.te;
> echo "corecmd_search_bin(webalizer_t)" >> mywebalizer.te;
> 
> make -f /usr/share/selinux/devel/Makefile
> /usr/sbin/semodule -i  mywebalizer.pp
> 
> It may be that both procmail and webalizer domains need more access
> after this, but you will notice that if this is the case.
> 
> P.s. You may or may not need to escape some of the characters in my example.
> 
> Hth,
> Dominick
> 
Fedora 10 and Rawhide have a domtrans to spamc, but RHEL5 looks like it
is only able to execute spamc without a transition.
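Because policy differs between releases, as the reply above notes, it helps to confirm that an interface such as spamassassin_domtrans_spamc is defined in the installed policy headers before building a module that calls it. The following is an added example, not part of the original thread: the function names are hypothetical, and the header location /usr/share/selinux/devel/include (from selinux-policy-devel) is an assumption. It also writes the .te from a quoted here-document, so the m4 backtick needs no escaping.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: interface headers are installed under this directory.
INCLUDE_DIR=${INCLUDE_DIR:-/usr/share/selinux/devel/include}

# has_interface NAME [DIR]
# Succeeds if some file under DIR contains a line starting with
# interface(`NAME'  (the form used in policy .if headers).
has_interface() {
    grep -rqs -e "^interface(\`$1'" "${2:-$INCLUDE_DIR}"
}

# write_te MODULE DOMAIN_TYPE INTERFACE [DIR]
# Prints MODULE.te on stdout. Fails without output if INTERFACE is not
# defined: m4 leaves an undefined interface call unexpanded and the
# module then fails to compile.
# MODULE, DOMAIN_TYPE and INTERFACE must be plain identifiers (no '/').
write_te() {
    if ! has_interface "$3" "${4:-$INCLUDE_DIR}"; then
        echo "interface $3 not found under ${4:-$INCLUDE_DIR}" >&2
        return 1
    fi
    # The quoted 'EOF' delimiter disables shell expansion, so the backtick
    # and single quote reach the file exactly as m4 expects them.
    sed -e "s/@MOD@/$1/" -e "s/@TYPE@/$2/g" -e "s/@IF@/$3/" <<'EOF'
policy_module(@MOD@, 0.0.1)
require { type @TYPE@; }
optional_policy(`
    @IF@(@TYPE@)
')
EOF
}

# Usage on a host with the policy headers installed:
#   write_te myprocmail procmail_t spamassassin_domtrans_spamc > myprocmail.te \
#       && make -f /usr/share/selinux/devel/Makefile
```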



