Re: gentoo diff for arpwatch

[James Carter <jwcart2@xxxxxxxxxxxxxx>]

Ok.  Merged.

On Sat, 2004-12-25 at 02:18, Russell Coker wrote:
> On Saturday 20 November 2004 06:47, James Carter <jwcart2@xxxxxxxxxxxxxx> 
> wrote:
> > I moved the following rules and put an "ifdef(`arpwatch.te'" around
> > them:
> > "allow system_mail_t" rules to mta.te
> > "allow qmail_inject_t" rules to qmail.te
> > "allow allow postfix_local_t" rule to postfix.te
> 
> This is not what we want.  Below I have pasted some text from 
> http://www.coker.com.au/selinux/talks/ibmtu-2004/linux21.ppt describing the 
> MTA policy (it's not great but it's the best description of MTA policy).
> 
> I have attached a patch that makes some changes to make it work with the 
> design of the mta policy.  This makes it work with Postfix, Qmail, Sendmail, 
> and any other mta that might be used.  The idea is that you don't have to 
> write policy for every combination of program that sends mail and mta, this 
> doesn't scale well as the number of supported mta's increases.

-- 
James Carter <jwcart2@xxxxxxxxxxxxxx>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.