From: russell@coker.com.au (Russell Coker) Date: Thu, 2 Oct 2008 12:32:46 +1000 Subject: [refpolicy] services_amavis.patch In-Reply-To: <48E35C62.8030609@martinorr.name> References: <48DAA876.2030804@redhat.com> <200809271042.26493.russell@coker.com.au> <48E35C62.8030609@martinorr.name> Message-ID: <200810021232.48495.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wednesday 01 October 2008 21:17, Martin Orr wrote: > > They can communicate by a socket or by running a program. > > Doesn't seem like interacting a lot to me. There's also the issue of Unix domain sockets and inter-relations between paths. > But I've thought a bit more about why I dislike merging the amavis and > clamav domains, and my primary concern is that it is confusing to have > amavisd running as clamav_t. If I saw a denial with > comm="amavisd" scontext=system_u:system_r:clamav_t:s0 > then I would assume that there was a missing transition somewhere. > > So while I still don't see the value of merging amavis_t and clamav_t when > separate policy has already been written, I would be a lot happier if the > merged domain were not called clamav_t. I'm happy to rename it (but not for Lenny). What do you suggest? -- russell at coker.com.au http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development