From: russell@coker.com.au (Russell Coker) Date: Thu, 25 Sep 2008 17:19:08 +1000 Subject: [refpolicy] services_amavis.patch In-Reply-To: <48DAA876.2030804@redhat.com> References: <48DAA876.2030804@redhat.com> Message-ID: <200809251719.10269.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thursday 25 September 2008 06:52, Daniel J Walsh wrote: > http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_amavis.patch > > Add initrc script support How much success are people having with the policy that has Amavis and ClamAV in different domains? The CentOS servers that I run have Amavis and ClamAV running unconfined because getting the policy to work was too difficult (the two daemons interact with each other a lot, trying to keep them separate is a lost cause). I've attached the policy that I have written for Debian/Lenny. It runs Amavis, ClamAV, and clamav-milter in the same domain. I don't think that makes any significant reduction to security but it significantly reduces the difficulty in configuring it. This is the change that I had been suggesting for a few years. -- russell at coker.com.au http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -------------- next part -------------- A non-text attachment was scrubbed... Name: clamav.tgz Type: application/x-tgz Size: 2332 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20080925/a67ea51b/attachment.bin