From: russell@coker.com.au (Russell Coker)
Date: Tue, 7 Oct 2008 06:29:14 +1000
Subject: [refpolicy] services_amavis.patch
In-Reply-To: <1223317216.2165.35.camel@gorn>
References: <48DAA876.2030804@redhat.com>
	<200809260703.25027.russell@coker.com.au>
	<1223317216.2165.35.camel@gorn>
Message-ID: <200810070729.16636.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tuesday 07 October 2008 05:20, "Christopher J. PeBenito" 
<cpebenito@tresys.com> wrote:
> One thing specific example that I noticed recently about these was that
> there is a mail_spool_t in mta, and postfix and qmail also have their
> own spool types. ?Those sounded like they could possibly all merge into
> mail_spool_t, but I haven't had a chance to investigate further.

The mail_spool_t in mta.te is for /var/spool/mail - this is fully accessible 
to users.

The spool directories for the mail servers have limited access for users.

So there is some possibility for type sharing, but /var/spool/mail should not 
share a type with /var/spool/postfix.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development