1 |
In an effort to have gentoo support SELinux for more programs/daemon's, I have |
2 |
created some policies for SpamAssassin and Procmail, based off the NSA |
3 |
policies, unpack the tars in /etc/security/selinux/src/policy, make load, and |
4 |
rlpkg procmail Mail-SpamAssasin, and you should be able to use them both, |
5 |
denial free. One important thing to note is that the spam assassin tarball |
6 |
will overwrite macros/base_user_macros.te . It is a one line change, and I am |
7 |
working with the 20040509 version of the base policy. If you are not using |
8 |
this version, you will probably be happier extracting it out of the tree, and |
9 |
then making the one line change. Add: |
10 |
|
11 |
ifdef(`using_spamassassin', `spamassassin_domain($1)') |
12 |
|
13 |
Below: |
14 |
|
15 |
ifdef(`ssh.te', `ssh_domain($1)') |
16 |
ifdef(`irc.te', `irc_domain($1)') |
17 |
ifdef(`uml.te', `uml_domain($1)') |
18 |
|
19 |
|
20 |
If a few people could please try this out, let me know how it goes, and any |
21 |
suggestions/improvements. I hope to get as many policies working as possible, |
22 |
so we are not as limited to what we can run on SELinux servers. |
23 |
|
24 |
Robert |