Old 11-02-2011, 11:40 PM
Nico Baggus
Default exim / amavis / Clamav

Here I am not sure...

exim has some problems, amavis has various problems & clamav has some problems.

Exim produces:

module exim-nb 1.0;

require {
    type amavisd_recv_port_t;
    type initrc_t;
    type exim_t;
    class tcp_socket name_connect;
    class unix_stream_socket connectto;
}

#============= exim_t ==============
allow exim_t amavisd_recv_port_t:tcp_socket name_connect;
allow exim_t initrc_t:unix_stream_socket connectto;

module clam 1.0;

require {
    type net_conf_t;
    type amavis_t;
    type default_t;
    type node_t;
    type clamd_port_t;
    type amavis_var_lib_t;
    type clamscan_t;
    class tcp_socket { name_connect node_bind };
    class dir { getattr read open };
    class file { read getattr open };
}

#============= amavis_t ==============
allow amavis_t clamd_port_t:tcp_socket name_connect;

#============= clamscan_t ==============
allow clamscan_t amavis_var_lib_t:dir { read getattr open };
allow clamscan_t amavis_var_lib_t:file { read open };
allow clamscan_t default_t:dir { read getattr open };
allow clamscan_t default_t:file { read open };
allow clamscan_t net_conf_t:file { read getattr open };
allow clamscan_t node_t:tcp_socket node_bind;

For amavis I still have to investigate, but after the previous 'fixes' I am not really sure how to tackle these kinds of cross-product issues.
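
A review aid for generated modules like the two above, as an added example that is not part of the original post: it parses the allow rules and flags those whose target is a generic type, which usually points at a labelling or domain problem rather than a missing rule. The names `GENERIC_TYPES`, `parse_allow_rules` and `flag_generic_targets` and the choice of flagged types are assumptions of this example.

```python
import re

# Reviewer heuristic (assumption, not from the post): a rule targeting one of
# these types usually signals a labelling or domain problem, not a missing allow.
GENERIC_TYPES = {
    "default_t": "object has no matching file context; relabel it",
    "unlabeled_t": "object has no valid label; relabel it",
    "initrc_t": "peer runs in the init script domain; it needs its own domain",
}
ALLOW_RE = re.compile(r"^allow\s+(\S+)\s+([^\s:]+):(\S+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def parse_allow_rules(policy_text):
    """Return (source, target, class, [perms]) for each allow rule."""
    rules = []
    for line in policy_text.splitlines():
        m = ALLOW_RE.match(line.strip())
        if m:
            src, tgt, cls, braced, single = m.groups()
            perms = braced.split() if braced is not None else [single]
            rules.append((src, tgt, cls, perms))
    return rules

def flag_generic_targets(policy_text):
    """Return (rule, reason) for every rule whose target is a generic type."""
    return [(r, GENERIC_TYPES[r[1]]) for r in parse_allow_rules(policy_text)
            if r[1] in GENERIC_TYPES]

# The allow rules from the two modules in the post above.
POSTED_RULES = """
allow exim_t amavisd_recv_port_t:tcp_socket name_connect;
allow exim_t initrc_t:unix_stream_socket connectto;
allow amavis_t clamd_port_t:tcp_socket name_connect;
allow clamscan_t amavis_var_lib_t:dir { read getattr open };
allow clamscan_t amavis_var_lib_t:file { read open };
allow clamscan_t default_t:dir { read getattr open };
allow clamscan_t default_t:file { read open };
allow clamscan_t net_conf_t:file { read getattr open };
allow clamscan_t node_t:tcp_socket node_bind;
"""

if __name__ == "__main__":
    for (src, tgt, cls, perms), reason in flag_generic_targets(POSTED_RULES):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}: {reason}")
```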
