From: dwalsh@redhat.com (Daniel J Walsh)
Date: Fri, 05 Sep 2008 09:57:36 -0400
Subject: [refpolicy] [patch 33/35] mailscanner policy addition
In-Reply-To: <1220619283.28287.62.camel@gorn.columbia.tresys.com>
References: <20080804123456.679565839@hardeman.nu> <20080804123739.984442576@hardeman.nu> <1219327608.16398.63.camel@gorn.columbia.tresys.com> <48B2E96D.50805@redhat.com> <1220619283.28287.62.camel@gorn.columbia.tresys.com>
Message-ID: <48C13AD0.6000005@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Christopher J. PeBenito wrote:
> On Mon, 2008-08-25 at 13:18 -0400, Daniel J Walsh wrote:
>> Christopher J. PeBenito wrote:
>>> On Mon, 2008-08-04 at 14:35 +0200, david at hardeman.nu wrote:
>>>> plain text document attachment
>>>> (policy_modules_services_mailscanner.patch)
>>>> Adds a new mailscanner module from the RH patchset
>>> This seems like an incomplete module, since it only has one file type
>>> and no domain.
>>
>>>> Index: refpolicy/policy/modules/services/mailscanner.fc
>>>> ===================================================================
>>>> --- /dev/null 1970-01-01 00:00:00.000000000 +0000
>>>> +++ refpolicy/policy/modules/services/mailscanner.fc 2008-08-03 22:09:51.000000000 +0200
>>>> @@ -0,0 +1,2 @@
>>>> +/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:mailscanner_spool_t,s0)
> [...]
>>>> @@ -0,0 +1,5 @@
>>>> +
>>>> +policy_module(mailscanner,1.0.0)
>>>> +
>>>> +type mailscanner_spool_t;
>>>> +files_type(mailscanner_spool_t)
>>>>
>> This domain was added to just define a context and interfaces for
>> mailscanner_spool_t so other domains could use it. I have never used
>> mailscanner and have no idea how to set this up. I guess we could label
>> /var/spool/MailScanner with a clamscan_spool_t and add the interfaces to
>> there.
>
> From what I can figure out from the "What Is MailScanner?" web page,
> that seems like the better way. But one thought I also had based on
> this:
>
>> The only domain that uses mailscan_spool is
>>
>> mailscanner_read_spool(procmail_t)
>> mailscanner_manage_spool(clamscan_t)
>
> Are we sure it's not just mail_spool_t?
>
I am fine with mail_spool.
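
Review bot: In the mailscanner.fc hunk, the single pattern /var/spool/MailScanner(/.*)? gives the directory and every object beneath it the same type, so any domain later granted read or manage access to mailscanner_spool_t receives it for the whole tree. If parts of the spool need narrower access, they would need their own entries and types; otherwise a one-line comment above the entry stating that uniform labeling is intended would make that choice explicit.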
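
Review bot: The second hunk (+1,5) declares mailscanner_spool_t with files_type() and nothing else: no domain, no allow rules, and no comment saying which domains are expected to use the type. As written, the type only has an effect through interfaces that are not in the quoted lines, so either add a short comment above "type mailscanner_spool_t;" documenting its purpose and intended consumers, or move the declaration into the module that owns the consuming domain so that a separate policy_module(mailscanner,1.0.0) is not needed.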