RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

apache: Make MTA optional. 

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
This commit is contained in:
Chris PeBenito 2019-04-03 11:10:37 -04:00
parent e2e4094bd4
commit 2f0ead8ecf
1 changed files with 38 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
policy/modules/services/apache.te
View File

@ -663,16 +663,18 @@ tunable_policy(`httpd_execmem',`
dontaudit httpd_t self:process { execmem execstack };
')
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_t)
corenet_tcp_connect_smtp_port(httpd_t)
corenet_tcp_sendrecv_smtp_port(httpd_t)
corenet_sendrecv_pop_client_packets(httpd_t)
corenet_tcp_connect_pop_port(httpd_t)
corenet_tcp_sendrecv_pop_port(httpd_t)
optional_policy(`
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_t)
corenet_tcp_connect_smtp_port(httpd_t)
corenet_tcp_sendrecv_smtp_port(httpd_t)
corenet_sendrecv_pop_client_packets(httpd_t)
corenet_tcp_connect_pop_port(httpd_t)
corenet_tcp_sendrecv_pop_port(httpd_t)
mta_send_mail(httpd_t)
mta_signal_system_mail(httpd_t)
mta_send_mail(httpd_t)
mta_signal_system_mail(httpd_t)
')
')
optional_policy(`
@ -1007,17 +1009,6 @@ tunable_policy(`httpd_can_network_connect_db',`
corenet_tcp_sendrecv_oracledb_port(httpd_suexec_t)
')
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_suexec_t)
corenet_tcp_connect_smtp_port(httpd_suexec_t)
corenet_tcp_sendrecv_smtp_port(httpd_suexec_t)
corenet_sendrecv_pop_client_packets(httpd_suexec_t)
corenet_tcp_connect_pop_port(httpd_suexec_t)
corenet_tcp_sendrecv_pop_port(httpd_suexec_t)
mta_send_mail(httpd_suexec_t)
mta_signal_system_mail(httpd_suexec_t)
')
tunable_policy(`httpd_enable_cgi && httpd_unified',`
domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
')
@ -1094,6 +1085,19 @@ optional_policy(`
mailman_domtrans_cgi(httpd_suexec_t)
')
optional_policy(`
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_suexec_t)
corenet_tcp_connect_smtp_port(httpd_suexec_t)
corenet_tcp_sendrecv_smtp_port(httpd_suexec_t)
corenet_sendrecv_pop_client_packets(httpd_suexec_t)
corenet_tcp_connect_pop_port(httpd_suexec_t)
corenet_tcp_sendrecv_pop_port(httpd_suexec_t)
mta_send_mail(httpd_suexec_t)
mta_signal_system_mail(httpd_suexec_t)
')
')
optional_policy(`
mysql_stream_connect(httpd_suexec_t)
mysql_read_config(httpd_suexec_t)
@ -1265,18 +1269,6 @@ ifdef(`init_systemd', `
init_search_pids(httpd_sys_script_t)
')
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_sys_script_t)
corenet_tcp_connect_smtp_port(httpd_sys_script_t)
corenet_tcp_sendrecv_smtp_port(httpd_sys_script_t)
corenet_sendrecv_pop_client_packets(httpd_sys_script_t)
corenet_tcp_connect_pop_port(httpd_sys_script_t)
corenet_tcp_sendrecv_pop_port(httpd_sys_script_t)
mta_send_mail(httpd_sys_script_t)
mta_signal_system_mail(httpd_sys_script_t)
')
tunable_policy(`httpd_enable_homedirs',`
userdom_search_user_home_dirs(httpd_sys_script_t)
')
@ -1326,6 +1318,20 @@ optional_policy(`
clamav_scannable_files(httpd_sys_content_t)
')
optional_policy(`
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_sys_script_t)
corenet_tcp_connect_smtp_port(httpd_sys_script_t)
corenet_tcp_sendrecv_smtp_port(httpd_sys_script_t)
corenet_sendrecv_pop_client_packets(httpd_sys_script_t)
corenet_tcp_connect_pop_port(httpd_sys_script_t)
corenet_tcp_sendrecv_pop_port(httpd_sys_script_t)
mta_send_mail(httpd_sys_script_t)
mta_signal_system_mail(httpd_sys_script_t)
')
')
optional_policy(`
postgresql_unpriv_client(httpd_sys_script_t)
')