From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 05 Sep 2008 08:54:43 -0400 Subject: [refpolicy] [patch 33/35] mailscanner policy addition In-Reply-To: <48B2E96D.50805@redhat.com> References: <20080804123456.679565839@hardeman.nu> <20080804123739.984442576@hardeman.nu> <1219327608.16398.63.camel@gorn.columbia.tresys.com> <48B2E96D.50805@redhat.com> Message-ID: <1220619283.28287.62.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, 2008-08-25 at 13:18 -0400, Daniel J Walsh wrote: > Christopher J. PeBenito wrote: > > On Mon, 2008-08-04 at 14:35 +0200, david at hardeman.nu wrote: > >> plain text document attachment > >> (policy_modules_services_mailscanner.patch) > >> Adds a new mailscanner module from the RH patchset > > > > This seems like an incomplete module, since it only has one file type > > and no domain. > > >> Index: refpolicy/policy/modules/services/mailscanner.fc > >> =================================================================== > >> --- /dev/null 1970-01-01 00:00:00.000000000 +0000 > >> +++ refpolicy/policy/modules/services/mailscanner.fc 2008-08-03 22:09:51.000000000 +0200 > >> @@ -0,0 +1,2 @@ > >> +/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:mailscanner_spool_t,s0) [...] > >> @@ -0,0 +1,5 @@ > >> + > >> +policy_module(mailscanner,1.0.0) > >> + > >> +type mailscanner_spool_t; > >> +files_type(mailscanner_spool_t) > >> > This domain was added to just define a context and interfaces for > mailscanner_spool_t so other domains could use it. I have never used > mailscanner and have no idea how to set this up. I guess we could > label > /var/spool/MailScanner with a clamscan_spool_t and add the interfaces > to > there. >From what I can figure out from the "What Is MailScanner?" web page, that seems like the better way. But one thought I also had based on this: > The only domain that uses mailscan_spool is > > mailscanner_read_spool(procmail_t) > mailscanner_manage_spool(clamscan_t) Are we sure its not just mail_spool_t? -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150