On Thu, Jul 17, 2003 at 01:04:43AM +1000, Russell Coker wrote:
> Normally a daemon never runs any program in a role other than "system_r", and
> domain transitions only happen at exec time. This is why we can have
> different domains for different parts of Postfix but not for different parts
> of Sendmail. If Sendmail was to exec() itself at various milestones in the
> delivery of a message then things would be different.
Interesting. Can SE Linux assign different roles depending on command line
arguments (serious question, I haven't looked too much into SE Linux)? The
reason I'm asking is that Exim does in fact re-exec() itself regularly. In
that way the parsing of message is seperate from the actual delivery.
-Mc ... This option is not very useful to external callers (except for
testing). It is provided for internal use by Exim when it
needs to re-invoke itself in order to regain root privilege
for a delivery (see chapter 49).
Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> "All that is needed for the forces of evil to triumph is for enough good
> men to do nothing." - Edmond Burke
> "The penalty good people pay for not being interested in politics is to be
> governed by people worse than themselves." - Plato
Attachment:
pgppqabn4T_BC.pgp
Description: PGP signature