Chris PeBenito <[EMAIL PROTECTED]> wrote:
> On Mon, 2007-08-27 at 15:25 +0200, [EMAIL PROTECTED] wrote:
>> I have noticed that by default the saslauthd daemon is allowed to
>> answer to every node in the world, as the network rules are
>> corenet_tcp_sendrecv_all_if(saslauthd_t)
>> corenet_tcp_sendrecv_all_nodes(saslauthd_t).
>> However, I want to optimize this in order to provide a deeper control with
>> [...]
>> corenet_tcp_sendrecv_lo_if(saslauthd_t)
>> corenet_tcp_sendrecv_all_nodes(saslauthd_t)
>> The compilation works well but I have a problem at the qmerge step:
>> the lo_netif_t dependency cannot be solved. Why is this, though
>> internal modules (namely kernel/corenetwork.if) use these macros?
>
> lo_netif_t is not defined in the policy. You would have to declare it
> in your local policy and then semanage to label the interface.

In fact, that's what I tried but I am missing a point: what do you mean by
'label the interface'? I tried to find any lo interface but found nothing.
The same for other interfaces (ethX). I cannot find any netif_type
labelled device on my system so I think that I do not really
understand this point.

>> BTW, the .fc file is not well suited for the postfix-sasl install.
>> la /var/lib gives me
>> drwxr-xr-x root root system_u:object_r:var_lib_t sasl2
>> though it should be saslauthd_var_run_t (maybe a change of directory
>> for the saslauth project?)
>> cd /var/lib
>> chcon -t saslauthd_var_run_t sasl2/ sasl2/* -R
>
> Does it fail without this fix?

In fact yes, because saslauthd tries to access var_lib_t labelled objects. So these
modifications have to be performed in order to prevent AVC messages
(but I have not checked whether it blocks the saslauth daemon from running or
not).

Julien Thomas

> --
> Chris PeBenito
> <[EMAIL PROTECTED]>
> Developer,
> Hardened Gentoo Linux
> Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
> Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243