apache: Make MTA optional.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
This commit is contained in:
parent
e2e4094bd4
commit
2f0ead8ecf
@ -663,16 +663,18 @@ tunable_policy(`httpd_execmem',`
|
||||
dontaudit httpd_t self:process { execmem execstack };
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_can_sendmail',`
|
||||
corenet_sendrecv_smtp_client_packets(httpd_t)
|
||||
corenet_tcp_connect_smtp_port(httpd_t)
|
||||
corenet_tcp_sendrecv_smtp_port(httpd_t)
|
||||
corenet_sendrecv_pop_client_packets(httpd_t)
|
||||
corenet_tcp_connect_pop_port(httpd_t)
|
||||
corenet_tcp_sendrecv_pop_port(httpd_t)
|
||||
optional_policy(`
|
||||
tunable_policy(`httpd_can_sendmail',`
|
||||
corenet_sendrecv_smtp_client_packets(httpd_t)
|
||||
corenet_tcp_connect_smtp_port(httpd_t)
|
||||
corenet_tcp_sendrecv_smtp_port(httpd_t)
|
||||
corenet_sendrecv_pop_client_packets(httpd_t)
|
||||
corenet_tcp_connect_pop_port(httpd_t)
|
||||
corenet_tcp_sendrecv_pop_port(httpd_t)
|
||||
|
||||
mta_send_mail(httpd_t)
|
||||
mta_signal_system_mail(httpd_t)
|
||||
mta_send_mail(httpd_t)
|
||||
mta_signal_system_mail(httpd_t)
|
||||
')
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -1007,17 +1009,6 @@ tunable_policy(`httpd_can_network_connect_db',`
|
||||
corenet_tcp_sendrecv_oracledb_port(httpd_suexec_t)
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_can_sendmail',`
|
||||
corenet_sendrecv_smtp_client_packets(httpd_suexec_t)
|
||||
corenet_tcp_connect_smtp_port(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_smtp_port(httpd_suexec_t)
|
||||
corenet_sendrecv_pop_client_packets(httpd_suexec_t)
|
||||
corenet_tcp_connect_pop_port(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_pop_port(httpd_suexec_t)
|
||||
mta_send_mail(httpd_suexec_t)
|
||||
mta_signal_system_mail(httpd_suexec_t)
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_enable_cgi && httpd_unified',`
|
||||
domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
|
||||
')
|
||||
@ -1094,6 +1085,19 @@ optional_policy(`
|
||||
mailman_domtrans_cgi(httpd_suexec_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
tunable_policy(`httpd_can_sendmail',`
|
||||
corenet_sendrecv_smtp_client_packets(httpd_suexec_t)
|
||||
corenet_tcp_connect_smtp_port(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_smtp_port(httpd_suexec_t)
|
||||
corenet_sendrecv_pop_client_packets(httpd_suexec_t)
|
||||
corenet_tcp_connect_pop_port(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_pop_port(httpd_suexec_t)
|
||||
mta_send_mail(httpd_suexec_t)
|
||||
mta_signal_system_mail(httpd_suexec_t)
|
||||
')
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
mysql_stream_connect(httpd_suexec_t)
|
||||
mysql_read_config(httpd_suexec_t)
|
||||
@ -1265,18 +1269,6 @@ ifdef(`init_systemd', `
|
||||
init_search_pids(httpd_sys_script_t)
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_can_sendmail',`
|
||||
corenet_sendrecv_smtp_client_packets(httpd_sys_script_t)
|
||||
corenet_tcp_connect_smtp_port(httpd_sys_script_t)
|
||||
corenet_tcp_sendrecv_smtp_port(httpd_sys_script_t)
|
||||
corenet_sendrecv_pop_client_packets(httpd_sys_script_t)
|
||||
corenet_tcp_connect_pop_port(httpd_sys_script_t)
|
||||
corenet_tcp_sendrecv_pop_port(httpd_sys_script_t)
|
||||
|
||||
mta_send_mail(httpd_sys_script_t)
|
||||
mta_signal_system_mail(httpd_sys_script_t)
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_enable_homedirs',`
|
||||
userdom_search_user_home_dirs(httpd_sys_script_t)
|
||||
')
|
||||
@ -1326,6 +1318,20 @@ optional_policy(`
|
||||
clamav_scannable_files(httpd_sys_content_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
tunable_policy(`httpd_can_sendmail',`
|
||||
corenet_sendrecv_smtp_client_packets(httpd_sys_script_t)
|
||||
corenet_tcp_connect_smtp_port(httpd_sys_script_t)
|
||||
corenet_tcp_sendrecv_smtp_port(httpd_sys_script_t)
|
||||
corenet_sendrecv_pop_client_packets(httpd_sys_script_t)
|
||||
corenet_tcp_connect_pop_port(httpd_sys_script_t)
|
||||
corenet_tcp_sendrecv_pop_port(httpd_sys_script_t)
|
||||
|
||||
mta_send_mail(httpd_sys_script_t)
|
||||
mta_signal_system_mail(httpd_sys_script_t)
|
||||
')
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
postgresql_unpriv_client(httpd_sys_script_t)
|
||||
')
|
||||
|
Loading…
Reference in New Issue
Block a user