Re: [patch] tighten fetchmail policy
Merged, except for this little bit.
Better to use r_file_perms and allow the lock permission, unless there
is a good reason not to allow lock.
On Tue, 2005-03-29 at 19:46 -0600, Greg Norris wrote:
>
> # file access
> -allow fetchmail_t etc_t:file r_file_perms;
> -allow fetchmail_t fetchmail_etc_t:file r_file_perms;
> +allow fetchmail_t etc_t:file { read getattr ioctl };
> +allow fetchmail_t fetchmail_etc_t:file { read getattr ioctl };
> allow fetchmail_t mail_spool_t:dir search;
> file_type_auto_trans(fetchmail_t, mail_spool_t,
> fetchmail_uidl_cache_t, file)
>
>
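Review bot: the two `+` lines for etc_t:file and fetchmail_etc_t:file spell out { read getattr ioctl } by hand in place of r_file_perms, which, as the reply above notes, takes away the lock permission, and nothing in the hunk says why fetchmail_t must not lock these files. Either keep `allow fetchmail_t etc_t:file r_file_perms;` and the matching fetchmail_etc_t line, or add a comment above the two rules stating the reason lock is withheld, so a later reader does not take the omission for an oversight and restore the macro.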
--
James Carter <jwcart2@xxxxxxxxxxxxxx>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.