sympa, mta, exim: Revise interfaces.
Revise interfaces added as part of sympa work. Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
parent
be2ba4e473
commit
3fd5341bff
|
@ -253,7 +253,6 @@ optional_policy(`
|
|||
|
||||
optional_policy(`
|
||||
# each of these should probably be for mailserver_delivery or mailserver_domain
|
||||
sympa_append_var_files(exim_t)
|
||||
sympa_append_inherited_var_files(exim_t)
|
||||
sympa_read_var_files(exim_t)
|
||||
sympa_use_fd(exim_t)
|
||||
')
|
||||
|
|
|
@ -815,13 +815,13 @@ interface(`mta_read_spool_symlinks',`
|
|||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mta_rw_delivery_fifos',`
|
||||
interface(`mta_rw_inherited_delivery_pipes',`
|
||||
gen_require(`
|
||||
attribute mailserver_delivery;
|
||||
')
|
||||
|
||||
allow $1 mailserver_delivery:fd use;
|
||||
allow $1 mailserver_delivery:fifo_file { getattr read write };
|
||||
allow $1 mailserver_delivery:fifo_file rw_inherited_fifo_file_perms;
|
||||
')
|
||||
|
||||
|
||||
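Review bot: The fifo_file rule in `mta_rw_inherited_delivery_pipes` swaps the explicit `{ getattr read write }` for `rw_inherited_fifo_file_perms`, whose definition is not among the permission sets shown on this page. If it follows the pattern of the `*_inherited_file_perms` defines in the obj_perm_sets hunk, it also carries `lock` and `ioctl` (and probably `append`), so callers such as sympa_t get a slightly wider grant than before; please confirm that is intended. The `## <summary>` for this interface starts above the hunk, and it should say that access is limited to already-open (inherited) pipes and that `fd use` on mailserver_delivery is included.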
|
|
|
@ -298,8 +298,8 @@ optional_policy(`
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
sympa_append_var_files(system_mail_t)
|
||||
sympa_dontaudit_tcp_rw(system_mail_t)
|
||||
sympa_append_inherited_var_files(system_mail_t)
|
||||
symba_dontaudit_rw_inherited_tcp_sockets(system_mail_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -393,7 +393,7 @@ optional_policy(`
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
sympa_dontaudit_tcp_rw(mailserver_delivery)
|
||||
symba_dontaudit_rw_inherited_tcp_sockets(mailserver_delivery)
|
||||
sympa_domtrans(mailserver_delivery)
|
||||
')
|
||||
|
||||
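Review bot: The new interface name `symba_dontaudit_rw_inherited_tcp_sockets` is misspelled; the module prefix is `sympa_`, as the neighbouring calls `sympa_append_inherited_var_files` and `sympa_domtrans` show. The same spelling is used at both call sites in this file (system_mail_t and mailserver_delivery) and in the definition in the sympa interface hunk at `@ -125,7 +106,7`, so the policy builds, but the interface sits outside the module's namespace and is missed by anyone auditing access with a search for `sympa_`. Rename all three occurrences to `sympa_dontaudit_rw_inherited_tcp_sockets` in a single change.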
|
|
|
@ -1,5 +1,4 @@
|
|||
## <summary>Sympa mailing list manager</summary>
|
||||
##
|
||||
## <desc>
|
||||
## Sympa is a popular mailing list manager.
|
||||
## https://www.sympa.org/
|
||||
|
@ -15,12 +14,13 @@
|
|||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`sympa_append_var_files',`
|
||||
interface(`sympa_append_inherited_var_files',`
|
||||
gen_require(`
|
||||
type sympa_var_t;
|
||||
type sympa_t, sympa_var_t;
|
||||
')
|
||||
|
||||
allow $1 sympa_var_t:file { append getattr };
|
||||
allow $1 sympa_t:fd use;
|
||||
allow $1 sympa_var_t:file append_inherited_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -57,8 +57,7 @@ interface(`sympa_manage_var_files',`
|
|||
type sympa_var_t;
|
||||
')
|
||||
|
||||
allow $1 sympa_var_t:dir rw_dir_perms;
|
||||
allow $1 sympa_var_t:file manage_file_perms;
|
||||
manage_files_pattern($1, sympa_var_t, sympa_var_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -97,24 +96,6 @@ interface(`sympa_domtrans',`
|
|||
domain_auto_transition_pattern($1, sympa_exec_t, sympa_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Use file handles inherited from sympa
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`sympa_use_fd',`
|
||||
gen_require(`
|
||||
type sympa_t;
|
||||
')
|
||||
|
||||
allow $1 sympa_t:fd use;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Dontaudit access to inherited sympa tcp sockets
|
||||
|
@ -125,7 +106,7 @@ interface(`sympa_use_fd',`
|
|||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`sympa_dontaudit_tcp_rw',`
|
||||
interface(`symba_dontaudit_rw_inherited_tcp_sockets',`
|
||||
gen_require(`
|
||||
type sympa_t;
|
||||
')
|
||||
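Review bot: `sympa_append_inherited_var_files` appears to bundle `allow $1 sympa_t:fd use;` with the file rule, and `append_inherited_file_perms` (defined in the obj_perm_sets hunk as `{ getattr append lock ioctl }`) adds `lock` and `ioctl` to the earlier `{ append getattr }`. The summary comment for this interface lies above the `@ -15,12 +14,13` hunk and is not shown as updated; it should name both grants, for example `## Append to sympa var files using file descriptors inherited from sympa.` With `sympa_use_fd` dropped in the `@ -97,24 +96,6` hunk, only the exim caller is visibly removed on this page, so it is worth checking that no other module still calls it.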
|
|
|
@ -78,7 +78,7 @@ optional_policy(`
|
|||
optional_policy(`
|
||||
mta_read_config(sympa_t)
|
||||
mta_send_mail(sympa_t)
|
||||
mta_rw_delivery_fifos(sympa_t)
|
||||
mta_rw_inherited_delivery_pipes(sympa_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
|
@ -155,6 +155,7 @@ define(`mmap_read_file_perms',`{ getattr open map read ioctl }')
|
|||
define(`mmap_exec_inherited_file_perms',`{ getattr map read execute ioctl }')
|
||||
define(`mmap_exec_file_perms',`{ getattr open map read execute ioctl }')
|
||||
define(`exec_file_perms',`{ getattr open map read execute ioctl execute_no_trans }')
|
||||
define(`append_inherited_file_perms',`{ getattr append lock ioctl }')
|
||||
define(`append_file_perms',`{ getattr open append lock ioctl }')
|
||||
define(`write_inherited_file_perms',`{ getattr write append lock ioctl }')
|
||||
define(`write_file_perms',`{ getattr open write append lock ioctl }')
|
||||
|
|