Hi.

I have noticed that per default the salsauthd daemon is allowded to
answers to every nodes on the world, as the network rules are
     corenet_tcp_sendrecv_all_if(saslauthd_t)
     corenet_tcp_sendrecv_all_nodes(saslauthd_t).

However, I want to optimize this in order to provide a deeper control with

gen_tunable(allow_saslauthd_network_auth,true)

tunable_policy(`allow_saslauthd_network_auth',`
        corenet_tcp_sendrecv_all_if(saslauthd_t)
        corenet_tcp_sendrecv_all_nodes(saslauthd_t)
        ',`
        corenet_tcp_sendrecv_lo_if(saslauthd_t)
        corenet_tcp_sendrecv_all_nodes(saslauthd_t)
')

The compilation works well but I have a problem at the qmerge step : the lo_netif_t dependance can not be solved. Why is this though internel modules (namely kernel/corenetwork.if) used these macros ?

BTW, the .fc file is not well suited fot the postfix-sasl install.
la /var/lib give me
drwxr-xr-x  root root    system_u:object_r:var_lib_t      sasl2

though it should be saslauthd_var_run_t (maybe a change of directory for the saslauth project ? )
cd /var/lib
chcon -t saslauthd_var_run_t sasl2/ sasl2/* -R


-- Julien Thomas

--
[EMAIL PROTECTED] mailing list

Reply via email to