New policy for Pop-before-smtp daemon - selinux - Fedora mailing-lists

List overview All Threads
Download

New policy for Pop-before-smtp daemon

New policy for pyzor

Sound difficulties.

David Hampton

16 Mar 2005 16 Mar '05

7:19 a.m.

Here's a new policy to support the pop-before-smtp daemon from http://people.FreeBSD.org/~sheldonh/popb4smtp-nodb.tar.gz . I'd appreciate any feedback on these files or tips on how to write better policies. Thanks.

David

P.S. This policy is based on the selinux-policy-strict-sources-1.22.1-2 rpm on my FC3 system.

Attachments:

popb4smtp.fc (text/plain — 386 bytes)
popb4smtp.te (text/plain — 1.4 KB)
signature.asc (application/pgp-signature — 189 bytes)

Reply

Show replies by date

Russell Coker

21 Apr 21 Apr

10:04 a.m.

On Thursday 17 March 2005 00:19, David Hampton hampton@employees.org wrote:

Here's a new policy to support the pop-before-smtp daemon from http://people.FreeBSD.org/~sheldonh/popb4smtp-nodb.tar.gz . I'd appreciate any feedback on these files or tips on how to write better policies. Thanks.

All policy that you publish should use the proper locations of files as used in packaged software. /usr/local is only for things that the administrator compiles themself and generally shouldn't appear in .fc files.

daemon_domain() has the domain_auto_trans() rule to allow running from initrc_t.

This daemon does not need two domains, just give it one, things will be a lot easier and no less secure.

-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page

Reply

6952

Age (days ago)

6988

Last active (days ago)

selinux@lists.fedoraproject.org

1 comments

2 participants

tags (0)

participants (2)

David Hampton
Russell Coker