[Mimedefang] Socket paths
David F. Skoll
dfs at roaringpenguin.com
Fri Feb 23 10:35:01 EST 2007

Steffen Kaiser wrote:

> It's rather common (at least in Debian Linux) to create directories, say
> /var/run/sendmail, chown them appropriately and chmod o= them.

That's true. My reasoning is we already have a directory called
/var/spool/MIMEDefang. It's already known to be writable by defang, so why
not just throw the socket in there instead of littering the file system
with extra directories?

Still, to each his own I guess. Back to the OP's point: I feel your
pain with SELinux. SELinux is one of those "great-in-theory,
horrible-in-practice" bits of software. Given the absurd complexity
of setting up SELinux policies, I'm not sure that it actually improves
security that much. Can you *prove* that your SELinux policy does
exactly what you need (and only what you need?) A simpler system
like Stackguard probably buys you 95% of SELinux's security at 5% of its
complexity.

Regards,

David.