On Thu, Jul 17, 2003 at 01:04:43AM +1000, Russell Coker wrote: > Normally a daemon never runs any program in a role other than "system_r", and > domain transitions only happen at exec time. This is why we can have > different domains for different parts of Postfix but not for different parts > of Sendmail. If Sendmail was to exec() itself at various milestones in the > delivery of a message then things would be different. Interesting. Can SE Linux assign different roles depending on command line arguments (serious question, I haven't looked too much into SE Linux)? The reason I'm asking is that Exim does in fact re-exec() itself regularly. In that way the parsing of message is seperate from the actual delivery. -Mc ... This option is not very useful to external callers (except for testing). It is provided for internal use by Exim when it needs to re-invoke itself in order to regain root privilege for a delivery (see chapter 49). Have a nice day, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > "All that is needed for the forces of evil to triumph is for enough good > men to do nothing." - Edmond Burke > "The penalty good people pay for not being interested in politics is to be > governed by people worse than themselves." - Plato
Attachment:
pgppqabn4T_BC.pgp
Description: PGP signature