RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MTA patch from Dan Walsh.

This commit is contained in:
Chris PeBenito 2010-05-19 09:00:39 -04:00
parent 088b65e52b
commit e19b8d1c2e
2 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
policy/modules/services/mta.if
View File

@ -356,6 +356,7 @@ interface(`mta_send_mail',`
') ')
allow $1 mta_exec_type:lnk_file read_lnk_file_perms; allow $1 mta_exec_type:lnk_file read_lnk_file_perms;
corecmd_read_bin_symlinks($1)
domtrans_pattern($1, mta_exec_type, system_mail_t) domtrans_pattern($1, mta_exec_type, system_mail_t)
allow mta_user_agent $1:fd use; allow mta_user_agent $1:fd use;
@ -398,6 +399,25 @@ interface(`mta_sendmail_domtrans',`
domain_auto_trans($1, sendmail_exec_t, $2) domain_auto_trans($1, sendmail_exec_t, $2)
') ')
########################################
## <summary>
## Send system mail client a signal
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
#
interface(`mta_signal_system_mail',`
gen_require(`
type system_mail_t;
')
allow $1 system_mail_t:process signal;
')
######################################## ########################################
## <summary> ## <summary>
## Execute sendmail in the caller domain. ## Execute sendmail in the caller domain.
@ -763,6 +783,25 @@ interface(`mta_search_queue',`
allow $1 mqueue_spool_t:dir search_dir_perms; allow $1 mqueue_spool_t:dir search_dir_perms;
') ')
#######################################
## <summary>
## List the mail queue.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mta_list_queue',`
gen_require(`
type mqueue_spool_t;
')
allow $1 mqueue_spool_t:dir list_dir_perms;
files_search_spool($1)
')
####################################### #######################################
## <summary> ## <summary>
## Read the mail queue. ## Read the mail queue.

7
policy/modules/services/mta.te
View File

@ -1,5 +1,5 @@
policy_module(mta, 2.2.1) policy_module(mta, 2.2.2)
######################################## ########################################
# #
@ -71,10 +71,14 @@ dev_read_sysfs(system_mail_t)
dev_read_rand(system_mail_t) dev_read_rand(system_mail_t)
dev_read_urand(system_mail_t) dev_read_urand(system_mail_t)
files_read_usr_files(system_mail_t)
fs_rw_anon_inodefs_files(system_mail_t) fs_rw_anon_inodefs_files(system_mail_t)
selinux_getattr_fs(system_mail_t) selinux_getattr_fs(system_mail_t)
term_dontaudit_use_unallocated_ttys(system_mail_t)
init_use_script_ptys(system_mail_t) init_use_script_ptys(system_mail_t)
userdom_use_user_terminals(system_mail_t) userdom_use_user_terminals(system_mail_t)
@ -107,6 +111,7 @@ optional_policy(`
optional_policy(` optional_policy(`
cron_read_system_job_tmp_files(system_mail_t) cron_read_system_job_tmp_files(system_mail_t)
cron_dontaudit_write_pipes(system_mail_t) cron_dontaudit_write_pipes(system_mail_t)
cron_rw_system_job_stream_sockets(system_mail_t)
') ')
optional_policy(` optional_policy(`