Here's a new policy to support the pop-before-smtp daemon from http://people.FreeBSD.org/~sheldonh/popb4smtp-nodb.tar.gz . I'd appreciate any feedback on these files or tips on how to write better policies. Thanks.
David
P.S. This policy is based on the selinux-policy-strict-sources-1.22.1-2 rpm on my FC3 system.
On Thursday 17 March 2005 00:19, David Hampton hampton@employees.org wrote:
Here's a new policy to support the pop-before-smtp daemon from http://people.FreeBSD.org/~sheldonh/popb4smtp-nodb.tar.gz . I'd appreciate any feedback on these files or tips on how to write better policies. Thanks.
All policy that you publish should use the proper locations of files as used in packaged software. /usr/local is only for things that the administrator compiles themself and generally shouldn't appear in .fc files.
daemon_domain() has the domain_auto_trans() rule to allow running from initrc_t.
This daemon does not need two domains, just give it one, things will be a lot easier and no less secure.
selinux@lists.fedoraproject.org