Steffen Kaiser wrote:
> It's rather common (at least in Debian Linux) to create directories, say
> /var/run/sendmail, chown them appropriately and chmod o= them.

That's true. My reasoning is we already have a directory called
/var/spool/MIMEDefang. It's already known to be writable by defang, so why
not just throw the socket in there instead of littering the file system
with extra directories?

Still, to each his own I guess. Back to the OP's point: I feel your
pain with SELinux. SELinux is one of those "great-in-theory,
horrible-in-practice" bits of software. Given the absurd complexity
of setting up SELinux policies, I'm not sure that it actually improves
security that much. Can you *prove* that your SELinux policy does
exactly what you need (and only what you need?) A simpler system
like Stackguard probably buys you 95% of SELinux's security at 5% of its
complexity.

Regards,
David.