On Mon, Feb 02, 2009 at 07:01:16PM +0100, Dominick Grift wrote:
On second thought, no. I do not think spamd_t has access to
user_pyzor_home_t.
sesearch --allow -s spamd_t | grep home | less
so i guess your custom module fixes that. consider filing a bug report
for this issue.
Thanks for your help. I have not yet altered my new local policy, but I
thought I would try a reboot to see if that had any affect...
Oh boy! A whole raft of denials...
This is the audit2allow result of this recent batch. It seems quite a
lot to me!
require {
type user_pyzor_home_t;
type admin_home_t;
type spamd_t;
type procmail_t;
class dir { read write add_name remove_name };
class file { read create ioctl write getattr unlink append };
}
#============= procmail_t ==============
init_stream_connect_script(procmail_t)
#============= spamd_t ==============
allow spamd_t admin_home_t:dir { read write add_name remove_name };
allow spamd_t admin_home_t:file { write getattr read create unlink ioctl
append };
allow spamd_t user_pyzor_home_t:file { read getattr };
userdom_read_sysadm_home_content_files(spamd_t)
What do you think?
Thanks again
Mark