[refpolicy] services_amavis.patch

Russell Coker russell at coker.com.au
Wed Oct 1 21:32:46 CDT 2008


On Wednesday 01 October 2008 21:17, Martin Orr <martin at martinorr.name> wrote:
> > They can communicate by a socket or by running a program.
>
> Doesn't seem like interacting a lot to me.

There's also the issue of Unix domain sockets and inter-relations between 
paths.

> But I've thought a bit more about why I dislike merging the amavis and
> clamav domains, and my primary concern is that it is confusing to have
> amavisd running as clamav_t.  If I saw a denial with
> comm="amavisd" scontext=system_u:system_r:clamav_t:s0
> then I would assume that there was a missing transition somewhere.
>
> So while I still don't see the value of merging amavis_t and clamav_t when
> separate policy has already been written, I would be a lot happier if the
> merged domain were not called clamav_t.

I'm happy to rename it (but not for Lenny).  What do you suggest?

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

