Fedora 16 and procmail

David Highley dhighley at highley-recommended.com
Sun Jan 22 03:47:30 UTC 2012


"David Highley wrote:"
> 
> module myprocmail 1.0;
> 
> require {
>         type quota_db_t;
>         type etc_aliases_t;
>         type procmail_t;
>         type admin_home_t;
>         type spamc_t;
>         type shadow_t;
>         class file { getattr read open append lock };
>         class dir  { getattr read open write };
>         class capability { dac_read_search dac_override };
> }
> 
> #============= procmail_t ==============
> allow procmail_t etc_aliases_t:file { getattr read open };
> allow procmail_t quota_db_t:file { getattr append open lock };
> allow procmail_t admin_home_t:dir write;
> allow procmail_t admin_home_t:file open;
> allow spamc_t self:capability { dac_read_search dac_override };
> allow spamc_t shadow_t:file read;
> 
> 
> Then every time we do a restorecon -vR for a home directory we get the
> following, and if you repeat the command you will get the same output.
> We did do semanage fcontext -a -e /home /export/home, so SELinux knows
> that this is a home directory structure for NFS automounting.
> 
> restorecon -vR /export/home/chighley
> restorecon reset /export/home/chighley/.pyzor context
> system_u:object_r:spamc_home_t:s0->system_u:object_r:pyzor_home_t:s0
> restorecon reset /export/home/chighley/.pyzor/servers context
> system_u:object_r:spamc_home_t:s0->system_u:object_r:pyzor_home_t:s0
> restorecon reset /export/home/chighley/.razor context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/identity context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/razor-agent.log context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c101.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c102.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c103.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c104.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c105.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c118.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c121.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c122.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c123.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c301.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c302.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c303.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c304.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c305.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.folly.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.joy.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.n001.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.n002.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.n003.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.n004.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/servers.catalogue.lst
> context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/servers.discovery.lst
> context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/servers.nomination.lst
> context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/servers.catalogue.lst.lock
> context
> system_u:object_r:spamc_home_t:s0->system_u:object_r:razor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/servers.nomination.lst.lock context
> system_u:object_r:spamc_home_t:s0->system_u:object_r:razor_home_t:s0

Another thing we just noticed in sending this email. The sent file did
not get a copy of this email; I know it's ancient but lightweight across
the wide network, sent by elm. No AVC thrown, so we suspect we're not
seeing all the issues.
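
Added example, not part of the original message: a small Python parser for the restorecon -v output quoted above that undoes the mail wrapping and reports which paths are reset to the same type on two consecutive runs. The function names and the sample text are constructed for illustration; paths are assumed to contain no spaces.

```python
import re
from collections import Counter

# restorecon -v line: "restorecon reset PATH context OLD->NEW"
RESET_RE = re.compile(r"restorecon reset (\S+) context (\S+)->(\S+)")

def parse_resets(text):
    """Return {path: (old_type, new_type)} from restorecon -v output.

    Mail clients wrap long lines and add '> ' quote marks, so the text is
    unquoted and whitespace-normalised before matching.
    """
    lines = (re.sub(r"^(>\s?)+", "", ln) for ln in text.splitlines())
    flat = " ".join(" ".join(lines).split())
    resets = {}
    for path, old, new in RESET_RE.findall(flat):
        # A context is user:role:type:level; the type is the third field.
        resets[path] = (old.split(":")[2], new.split(":")[2])
    return resets

def persistent_resets(first_run, second_run):
    """Paths reset to the same type in both runs, i.e. the label did not stick."""
    a, b = parse_resets(first_run), parse_resets(second_run)
    return sorted(p for p in a if b.get(p) == a[p])

def transitions(text):
    """Count resets per (old_type, new_type) pair."""
    return Counter(parse_resets(text).values())

# Constructed sample: three entries in the wrapped, quoted form shown above.
SAMPLE = """\
> restorecon reset /export/home/chighley/.pyzor context
> system_u:object_r:spamc_home_t:s0->system_u:object_r:pyzor_home_t:s0
> restorecon reset
> /export/home/chighley/.razor/server.c101.cloudmark.com.conf context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
> restorecon reset /export/home/chighley/.razor/servers.catalogue.lst
> context
> unconfined_u:object_r:spamc_home_t:s0->unconfined_u:object_r:razor_home_t:s0
"""

if __name__ == "__main__":
    for (old, new), n in transitions(SAMPLE).items():
        print(f"{n:3d}  {old} -> {new}")
    print(persistent_resets(SAMPLE, SAMPLE))
```

Feeding it the saved output of two successive restorecon -vR runs lists exactly the files whose label reverts between runs, grouped by the type pair involved.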

