Confining privileged processes
- Excerpt for sendmail:
- allow sendmail_t smtp_port_t:tcp_socket name_bind;
- allow sendmail_t mail_spool_t:dir { read search add_name remove_name };
- allow sendmail_t mail_spool_t:file { create read write unlink };
- allow sendmail_t mqueue_spool_t:dir { read search add_name remove_name };
- allow sendmail_t mqueue_spool_t:file { create read write unlink };
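
How these rules confine the process, as an added example that is not part of the original slide: the Python sketch below parses the excerpt into an access table and evaluates requests with type enforcement's default-deny rule. The request list is constructed for illustration, and the model is simplified (no attributes, MLS, or DAC checks).

```python
import re

# Policy excerpt from the slide.
POLICY = """
allow sendmail_t smtp_port_t:tcp_socket name_bind;
allow sendmail_t mail_spool_t:dir { read search add_name remove_name };
allow sendmail_t mail_spool_t:file { create read write unlink };
allow sendmail_t mqueue_spool_t:dir { read search add_name remove_name };
allow sendmail_t mqueue_spool_t:file { create read write unlink };
"""

# allow <source> <target>:<class> <perm> | { <perm> ... };
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def parse_policy(text):
    """Build the access table: (source, target, class) -> set of permissions."""
    table = {}
    for src, tgt, cls, braced, single in RULE.findall(text):
        perms = set((braced or single).split())
        table.setdefault((src, tgt, cls), set()).update(perms)
    return table

def allowed(table, src, tgt, cls, perm):
    """Default deny: access is granted only if an allow rule lists the permission."""
    return perm in table.get((src, tgt, cls), set())

def denied_requests(table, requests):
    """Return the requests that no allow rule covers, in input order."""
    return [req for req in requests if not allowed(table, *req)]

# Constructed sample requests (not from the slide): two that the excerpt
# permits and three that a confined sendmail_t would be refused.
REQUESTS = [
    ("sendmail_t", "smtp_port_t", "tcp_socket", "name_bind"),
    ("sendmail_t", "mqueue_spool_t", "file", "create"),
    ("sendmail_t", "mail_spool_t", "dir", "rmdir"),
    ("sendmail_t", "shadow_t", "file", "read"),
    ("sendmail_t", "http_port_t", "tcp_socket", "name_bind"),
]

if __name__ == "__main__":
    table = parse_policy(POLICY)
    for req in REQUESTS:
        verdict = "granted" if allowed(table, *req) else "denied"
        print(f"{verdict:8} {req[0]} -> {req[1]}:{req[2]} {req[3]}")
```

Even when sendmail runs as root, the requests outside the five rules are refused, which is the sense in which the privileged process is confined.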