Re: [ZMailer] SELinux policy for Zmailer

On Mon, Aug 02, 2010 at 02:05:03PM +0300, Matti Aarnio wrote:

> On Mon, Jul 26, 2010 at 07:31:02PM +0100, Ralf Baechle wrote:
> > I wonder if anybody has already written a SELinux policy for Zmailer?
> No.  While the Linux distributions I use have it, I am running
> them without policy.
> Learning to use SELinux in enforced mode has never gotten enough
> priority in my work or hobby so far...

On my various servers I'm running a fair pile of rather dated software of
at best uncertain security status and some software that fairly regularly
has security issues - I just say PHP and the noise of people trying to
kick the doors has turned into the sound of an infinite number of monkeys
driving bulldozers through the front yard ...

I've got a mostly working policy now.  It's still rather ugly and
occasionally I see either zmailer or one of the zmailer users doing a
somewhat more rare operation that needs policy tuning.

To simplify the policy I'm wondering if some of zmailer's files should be
moved from the current default location to other directories, in particular
the .pid files to /var/run/zmailer/.  Maybe also the sockets and

On occasion SELinux also finds odd application behaviour so unexpectedly
it also turned into a bit of a crystal ball into odd application behaviour.

