From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 24 Nov 2008 09:11:40 -0500
Subject: [refpolicy] Milter Mail Filters
In-Reply-To: <49218846.7060305@city-fan.org>
References: <49218846.7060305@city-fan.org>
Message-ID: <1227535903.29210.22.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2008-11-17 at 10:05 -0500, Paul Howarth wrote:
> Updated patch attached with TCP socket support removed.

Last question

> Index: policy/modules/services/mta.te
> ===================================================================
> --- policy/modules/services/mta.te      (revision 2878)
> +++ policy/modules/services/mta.te      (working copy)
> @@ -116,6 +116,9 @@
>  
>         domain_use_interactive_fds(system_mail_t)
>  
> +       # newaliases runs as system_mail_t when the sendmail initscript does a restart
> +       milter_getattr_all_sockets(system_mail_t)
> +
>         # postfix needs this for newaliases
>         files_getattr_tmp_dirs(system_mail_t)

Why is this bit in the optional_policy for postfix instead of its own
optional_policy at the top level?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150