From: paul@city-fan.org (Paul Howarth)
Date: Mon, 24 Nov 2008 14:34:05 +0000
Subject: [refpolicy] Milter Mail Filters
In-Reply-To: <1227535903.29210.22.camel@gorn>
References: <49218846.7060305@city-fan.org> <1227535903.29210.22.camel@gorn>
Message-ID: <492ABB5D.5000001@city-fan.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Christopher J. PeBenito wrote:
> On Mon, 2008-11-17 at 10:05 -0500, Paul Howarth wrote:
>> Updated patch attached with TCP socket support removed.
> 
> Last question
> 
>> Index: policy/modules/services/mta.te
>> ===================================================================
>> --- policy/modules/services/mta.te      (revision 2878)
>> +++ policy/modules/services/mta.te      (working copy)
>> @@ -116,6 +116,9 @@
>>  
>>         domain_use_interactive_fds(system_mail_t)
>>  
>> +       # newaliases runs as system_mail_t when the sendmail initscript does a restart
>> +       milter_getattr_all_sockets(system_mail_t)
>> +
>>         # postfix needs this for newaliases
>>         files_getattr_tmp_dirs(system_mail_t)
> 
> Why is this bit in the optional_policy for postfix instead of its own
> optional_policy at the top level?

Not intentional. I saw the similar entry for postfix and put the extra 
line near it, not realizing the significance of the multiple 
optional_policy blocks.

Revised patch attached.

Paul.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: milters.patch
Type: text/x-patch
Size: 7065 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081124/1f16af29/attachment.bin