- Code: Select all
subject /usr/sbin/courierlogger d
/dev/log rw
-CAP_ALL
+CAP_DAC_OVERRIDE
subject /usr/bin/imapd d
/var h
/var/mail rwcdl
subject /usr/sbin/postfix d
/dev/log rw
-CAP_ALL
+CAP_DAC_OVERRIDE
+CAP_DAC_READ_SEARCH
subject /usr/lib/postfix dp
/dev/log rw
/var h
/var/run rwc
/var/mail rwcdl
/var/spool/postfix rwcdl
-CAP_ALL
+CAP_NET_BIND_SERVICE
+CAP_DAC_OVERRIDE
+CAP_DAC_READ_SEARCH
+CAP_SETGID
+CAP_SETUID
+CAP_SYS_CHROOT
subject /usr/sbin/postlog d
/dev/log rw
-CAP_ALL
+CAP_DAC_OVERRIDE
+CAP_DAC_READ_SEARCH
Postfix + Courier Imapd
1 post
• Page 1 of 1
Postfix + Courier Imapd
by Antinoos » Tue Dec 26, 2006 6:49 pm
Postfix and courier-imap are complex programs to write a policy for. Learning mode (in my opinion) granted both applications too much access, so I decided to use the output of dmesg to write a policy. Below is my policy. Is my policy granting too much access? How can I better secure it?
- Antinoos
- Posts: 1
- Joined: Tue Dec 26, 2006 6:45 pm
1 post
• Page 1 of 1