Procmail can't delete a tmp file but has free rein over regular files???

Robert Nichols rnicholsNOSPAM at comcast.net
Tue Apr 23 18:55:55 UTC 2013


A process running as procmail_t can do pretty much anything to files of
type user_home_t, but is restricted from the user_tmp_t file in /tmp
that I want to use as a semaphore.  Where is the logic in that?  It's
like granting free access to the vault, but locking up the
leave-a-penny-take-a-penny jar.

From selinux-policy-targeted-3.7.19-195.el6_4.3.noarch:

   allow procmail_t user_home_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;

   allow application_domain_type user_tmp_t : file { getattr append } ;

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.
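As an added illustration (not part of Bob's message or of the policy package), a small Python checker that parses allow rules in the syntax quoted above and expands a source attribute, showing why procmail_t gets unlink on user_home_t but only getattr/append on user_tmp_t; the attribute membership map is an assumption (the real list comes from `seinfo -a application_domain_type -x`):

```python
import re

# Constructed sample: the two allow rules quoted in the post, in the same
# syntax that sesearch prints them.
POLICY_RULES = """
allow procmail_t user_home_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;
allow application_domain_type user_tmp_t : file { getattr append } ;
"""

# Assumed attribute membership (hypothetical; query the real policy with
# `seinfo -a application_domain_type -x` to get the actual member domains).
ATTRIBUTES = {"application_domain_type": {"procmail_t", "sendmail_t"}}

RULE_RE = re.compile(r"allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s*\{([^}]*)\}\s*;")


def parse_allow_rules(text):
    """Return a list of (source, target, class, frozenset(perms)) tuples."""
    rules = []
    for m in RULE_RE.finditer(text):
        src, tgt, cls, perms = m.groups()
        rules.append((src, tgt, cls, frozenset(perms.split())))
    return rules


def allowed_perms(rules, attrs, source, target, cls):
    """Union of permissions `source` holds on target:cls, including rules
    granted to any attribute the source domain carries (target attributes
    are not modelled here)."""
    names = {source} | {a for a, members in attrs.items() if source in members}
    perms = set()
    for src, tgt, c, p in rules:
        if src in names and tgt == target and c == cls:
            perms |= p
    return perms


def can(rules, attrs, source, target, cls, perm):
    """True if the expanded rule set grants `perm` on target:cls."""
    return perm in allowed_perms(rules, attrs, source, target, cls)


if __name__ == "__main__":
    rules = parse_allow_rules(POLICY_RULES)
    for tgt in ("user_home_t", "user_tmp_t"):
        ok = can(rules, ATTRIBUTES, "procmail_t", tgt, "file", "unlink")
        print(f"procmail_t unlink {tgt}: {ok}")
```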