[refpolicy] [PATCH] Allow spamd to connect to MySQL via TCP
Christopher J. PeBenito
cpebenito at tresys.com
Tue Apr 27 08:45:41 CDT 2010
On Mon, 2010-04-26 at 13:48 -0500, Chris St. Pierre wrote:
> Currently, spamd_t is only allowed to connect to a MySQL stream --
> i.e., a local MySQL instance, not a remote one via TCP. This patch
> fixes that issue.
For completeness, something similar should also be added for postgresql.
> diff --git a/policy/modules/services/spamassassin.te
> b/policy/modules/services/spamassassin.te
> index dd49d31..210a57a 100644
> --- a/policy/modules/services/spamassassin.te
> +++ b/policy/modules/services/spamassassin.te
> @@ -412,6 +412,8 @@ optional_policy(`
> optional_policy(`
> mysql_search_db(spamd_t)
> mysql_stream_connect(spamd_t)
> + corenet_tcp_connect_mysqld_port(spamd_t)
> + corenet_sendrecv_mysqld_client_packets(spamd_t)
> ')
>
> optional_policy(`
>
--
Chris PeBenito
Tresys Technology, LLC
More information about the refpolicy
mailing list