This is a new strict policy for the pyzor spam filter. It is based on the selinux-policy-strict-sources-1.23.2-1 fedora RPM. This policy requires the definition of a pyzor reserved port that was in the net_contexts diff I sent last Wednesday. Please let me know if there are any problems with or changes needed to this policy.
David
From pyzor.te:
    ##########
    # pyzor daemon
    ##########
    daemon_domain(pyzord, `, privlog, nscd_client_domain')
    pyzor_base_domain(pyzord)
    allow pyzord_t pyzor_port_t:udp_socket name_bind;
    home_domain_access(pyzord_t, sysadm, pyzor)
Why home_domain_access()? There is no sysadm_pyzor_home_t defined, so it causes an error.
On Mon, 2005-03-21 at 20:23 -0500, David Hampton wrote:
> This is a new strict policy for the pyzor spam filter. It is based on the selinux-policy-strict-sources-1.23.2-1 fedora RPM. This policy requires the definition of a pyzor reserved port that was in the net_contexts diff I sent last Wednesday. Please let me know if there are any problems with or changes needed to this policy.
> David
On Wed, 2005-03-23 at 14:14 -0500, James Carter wrote:
> From pyzor.te:
> Why home_domain_access()?
If you don't specify a directory with the --homedir argument, pyzor creates a ~/.pyzor directory to store its files. I've had them created as both /root/.pyzor and /home/david/.pyzor depending upon which uid I use to run the applications. Try something like:
cat virus-20050321-104527-01034-08 | pyzor check
as various users.
> There is no sysadm_pyzor_home_t defined, so it causes an error.
Oops. That would be because I forgot to include a diff to base_user_macros.te. Attached below.
David
On Wed, Mar 23, 2005 at 03:37:33PM -0500, David Hampton wrote:
> On Wed, 2005-03-23 at 14:14 -0500, James Carter wrote:
> > From pyzor.te:
> > Why home_domain_access()?
> If you don't specify a directory with the --homedir argument, pyzor creates a ~/.pyzor directory to store its files. I've had them created as both /root/.pyzor and /home/david/.pyzor depending upon which uid I use to run the applications.
... btw just as an aside, what the heck is razor doing attempting to create /razor.log and /root/razor.log?
l.
On Thu, 2005-03-24 at 10:35 +0000, Luke Kenneth Casson Leighton wrote:
> ... btw just as an aside, what the heck is razor doing attempting to create /razor.log and /root/razor.log?
The first time you run razor it can't find a config file telling it where to put its log, so it drops the log into the current working directory. It then attempts to create a ~/.razor home directory and default config file. All subsequent invocations of razor will find the just created config file and put the log where it specifies (which is ~/.razor by default).
The /razor.log is probably from the first invocation by a system daemon, and the /root/razor.log from the first time you tested it as root.
David
Merged into the SELinux policy CVS tree at sourceforge.
On Mon, 2005-03-21 at 20:23 -0500, David Hampton wrote:
> This is a new strict policy for the pyzor spam filter. It is based on the selinux-policy-strict-sources-1.23.2-1 fedora RPM. This policy requires the definition of a pyzor reserved port that was in the net_contexts diff I sent last Wednesday. Please let me know if there are any problems with or changes needed to this policy.
> David
On Tuesday 22 March 2005 12:23, David Hampton hampton-rh@rainbolthampton.net wrote:
> This is a new strict policy for the pyzor spam filter. It is based on the selinux-policy-strict-sources-1.23.2-1 fedora RPM. This policy requires the definition of a pyzor reserved port that was in the net_contexts diff I sent last Wednesday. Please let me know if there are any problems with or changes needed to this policy.
Attached a patch to allow it to work from console logins.
selinux@lists.fedoraproject.org