[refpolicy] Milter Mail Filters
Christopher J. PeBenito
cpebenito at tresys.com
Mon Nov 24 11:47:39 CST 2008
On Mon, 2008-11-24 at 16:07 +0000, Paul Howarth wrote:
> Christopher J. PeBenito wrote:
> > On Mon, 2008-11-24 at 14:34 +0000, Paul Howarth wrote:
> >> Revised patch attached.
> >
> > Merged, with a couple tweaks.
>
> The tweaks seem quite significant:
>
> $ diff milter.if.pgh milter.if
> 21d20
> < domain_type($1_milter_t)
redundant due to init_daemon_domain()
> 39,41d37
> < # Things that all(?) milters will need to do
> < libs_use_ld_so($1_milter_t)
> < libs_use_shared_libs($1_milter_t)
All domains now have these rules (see line 109 of domain.te).
> 43d38
> < init_use_fds($1_milter_t)
Its actually the fd for the console, which isn't necessary to be
inherited, nor would we want used by services. Its dontaudited by
init_daemon_domain().
> Are these four interface calls omitted deliberately?
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
More information about the refpolicy
mailing list