| 1 |
In an effort to have gentoo support SELinux for more programs/daemon's, I have |
| 2 |
created some policies for SpamAssassin and Procmail, based off the NSA |
| 3 |
policies, unpack the tars in /etc/security/selinux/src/policy, make load, and |
| 4 |
rlpkg procmail Mail-SpamAssasin, and you should be able to use them both, |
| 5 |
denial free. One important thing to note is that the spam assassin tarball |
| 6 |
will overwrite macros/base_user_macros.te . It is a one line change, and I am |
| 7 |
working with the 20040509 version of the base policy. If you are not using |
| 8 |
this version, you will probably be happier extracting it out of the tree, and |
| 9 |
then making the one line change. Add: |
| 10 |
|
| 11 |
ifdef(`using_spamassassin', `spamassassin_domain($1)') |
| 12 |
|
| 13 |
Below: |
| 14 |
|
| 15 |
ifdef(`ssh.te', `ssh_domain($1)') |
| 16 |
ifdef(`irc.te', `irc_domain($1)') |
| 17 |
ifdef(`uml.te', `uml_domain($1)') |
| 18 |
|
| 19 |
|
| 20 |
If a few people could please try this out, let me know how it goes, and any |
| 21 |
suggestions/improvements. I hope to get as many policies working as possible, |
| 22 |
so we are not as limited to what we can run on SELinux servers. |
| 23 |
|
| 24 |
Robert |
Archives