Comment # 10 on bug 1082230 from 
(In reply to Christian Boltz from comment #9)
> I took the liberty to login on baloo, and noticed two groups of denials:
> 
> profile /usr/bin/mlmmj-receive 
>     /var/spool/mlmmj-gone/gone2/incoming/* rw,
> 
> Any idea what the difference between /var/spool/mlmmj/ and
> /var/spool/mlmmj-gone/ is and if allowing this makes sense?

I have no idea what mlmmj-gone is - I have chosen to leave it alone.  I would
not add it to the profile. 

> profile /usr/bin/mlmmj-sub 
>     /var/spool/mlmmj/*/moderation/subscribe* rw,
> 
> .../moderation/* of course also works, but I'd tend to restrict mlmmj to
> .../moderation/subscribe* - given the binary name, I hope it doesn't do
> other things ;-)

That's probably fine. I've grepped the source and mlmmj-process is the only
other one that touches /moderation/, and that's already in the profile.

You are receiving this mail because: