Changeset 81 for selinux/build/misc.te


Ignore:
Timestamp:
Jan 19, 2007, 7:44:57 AM (15 years ago)
Author:
presbrey
Message:
more specific SELinux AFS access interface
procmail can spawn system binaries
File:
1 edited

Legend:

Unmodified
Added
Removed
  • selinux/build/misc.te

    r79 r81  
    55require {
    66        type crond_t, kernel_t, sshd_t, user_t, httpd_t;
     7        type postfix_local_t, procmail_t;
    78        type proc_t;
    89}
     
    1112afs_access(httpd_t);
    1213afs_access(kernel_t);
     14afs_access(postfix_local_t);
     15afs_access(procmail_t);
    1316afs_access(sshd_t);
    1417afs_access(user_t);
     
    4346
    4447require {
    45         type sshd_t;
     48        type sendmail_t, sshd_t;
    4649};
    4750
     
    5356mta_sendmail_exec(user_t)
    5457can_exec(user_t, sendmail_exec_t)
    55 
     58allow sendmail_t postfix_local_t:fd use;
     59allow sendmail_t postfix_local_t:fifo_file { getattr write };
     60corecmd_exec_bin(procmail_t)
     61corecmd_exec_sbin(procmail_t)
    5662
    5763### HTTPD ###
Note: See TracChangeset for help on using the changeset viewer.