apache: Make MTA optional.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
This commit is contained in:
Chris PeBenito 2019-04-03 11:10:37 -04:00
parent e2e4094bd4
commit 2f0ead8ecf

View File

@ -663,16 +663,18 @@ tunable_policy(`httpd_execmem',`
dontaudit httpd_t self:process { execmem execstack };
')
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_t)
corenet_tcp_connect_smtp_port(httpd_t)
corenet_tcp_sendrecv_smtp_port(httpd_t)
corenet_sendrecv_pop_client_packets(httpd_t)
corenet_tcp_connect_pop_port(httpd_t)
corenet_tcp_sendrecv_pop_port(httpd_t)
optional_policy(`
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_t)
corenet_tcp_connect_smtp_port(httpd_t)
corenet_tcp_sendrecv_smtp_port(httpd_t)
corenet_sendrecv_pop_client_packets(httpd_t)
corenet_tcp_connect_pop_port(httpd_t)
corenet_tcp_sendrecv_pop_port(httpd_t)
mta_send_mail(httpd_t)
mta_signal_system_mail(httpd_t)
mta_send_mail(httpd_t)
mta_signal_system_mail(httpd_t)
')
')
optional_policy(`
@ -1007,17 +1009,6 @@ tunable_policy(`httpd_can_network_connect_db',`
corenet_tcp_sendrecv_oracledb_port(httpd_suexec_t)
')
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_suexec_t)
corenet_tcp_connect_smtp_port(httpd_suexec_t)
corenet_tcp_sendrecv_smtp_port(httpd_suexec_t)
corenet_sendrecv_pop_client_packets(httpd_suexec_t)
corenet_tcp_connect_pop_port(httpd_suexec_t)
corenet_tcp_sendrecv_pop_port(httpd_suexec_t)
mta_send_mail(httpd_suexec_t)
mta_signal_system_mail(httpd_suexec_t)
')
tunable_policy(`httpd_enable_cgi && httpd_unified',`
domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
')
@ -1094,6 +1085,19 @@ optional_policy(`
mailman_domtrans_cgi(httpd_suexec_t)
')
optional_policy(`
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_suexec_t)
corenet_tcp_connect_smtp_port(httpd_suexec_t)
corenet_tcp_sendrecv_smtp_port(httpd_suexec_t)
corenet_sendrecv_pop_client_packets(httpd_suexec_t)
corenet_tcp_connect_pop_port(httpd_suexec_t)
corenet_tcp_sendrecv_pop_port(httpd_suexec_t)
mta_send_mail(httpd_suexec_t)
mta_signal_system_mail(httpd_suexec_t)
')
')
optional_policy(`
mysql_stream_connect(httpd_suexec_t)
mysql_read_config(httpd_suexec_t)
@ -1265,18 +1269,6 @@ ifdef(`init_systemd', `
init_search_pids(httpd_sys_script_t)
')
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_sys_script_t)
corenet_tcp_connect_smtp_port(httpd_sys_script_t)
corenet_tcp_sendrecv_smtp_port(httpd_sys_script_t)
corenet_sendrecv_pop_client_packets(httpd_sys_script_t)
corenet_tcp_connect_pop_port(httpd_sys_script_t)
corenet_tcp_sendrecv_pop_port(httpd_sys_script_t)
mta_send_mail(httpd_sys_script_t)
mta_signal_system_mail(httpd_sys_script_t)
')
tunable_policy(`httpd_enable_homedirs',`
userdom_search_user_home_dirs(httpd_sys_script_t)
')
@ -1326,6 +1318,20 @@ optional_policy(`
clamav_scannable_files(httpd_sys_content_t)
')
optional_policy(`
tunable_policy(`httpd_can_sendmail',`
corenet_sendrecv_smtp_client_packets(httpd_sys_script_t)
corenet_tcp_connect_smtp_port(httpd_sys_script_t)
corenet_tcp_sendrecv_smtp_port(httpd_sys_script_t)
corenet_sendrecv_pop_client_packets(httpd_sys_script_t)
corenet_tcp_connect_pop_port(httpd_sys_script_t)
corenet_tcp_sendrecv_pop_port(httpd_sys_script_t)
mta_send_mail(httpd_sys_script_t)
mta_signal_system_mail(httpd_sys_script_t)
')
')
optional_policy(`
postgresql_unpriv_client(httpd_sys_script_t)
')