add more parts to send_mail and drop transition since its more then a transition

Chris PeBenito 2005-05-13 20:52:28 +00:00
parent 35519c1d17
commit c6a3a22457
1 changed files with 11 additions and 4 deletions


@ -165,22 +165,29 @@ type sendmail_exec_t;
#######################################
#
# mta_send_mail_transition(domain)
# mta_send_mail(domain)
#
define(`mta_send_mail_transition',`
define(`mta_send_mail',`
requires_block_template(`$0'_depend)
allow $1 sendmail_exec_t:lnk_file { getattr read };
allow $1 sendmail_exec_t:file { getattr read execute };
allow $1 system_mail_t:process transition;
type_transition $1 sendmail_exec_t:file system_mail_t;
dontaudit $1 system_mail_t:process { noatsecure siginh rlimitinh };
allow $1 system_mail_t:fd use;
allow system_mail_t $1:process sigchld;
allow system_mail_t $1:fd use;
allow system_mail_t $1:fifo_file { ioctl read getattr lock write append };
')
define(`mta_send_mail_transition_depend',`
define(`mta_send_mail_depend',`
type system_mail_t, sendmail_exec_t;
class file { getattr read execute };
class lnk_file { getattr read };
class process { transition noatsecure siginh rlimitinh };
class process { transition noatsecure siginh rlimitinh sigchld };
class fd use;
class fifo_file { ioctl read getattr lock write append };
')
#######################################
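Review bot: The three `allow system_mail_t $1:...` rules at the end of `mta_send_mail` grant the mail domain access back into every calling domain (`sigchld`, `fd use`, and read/write on the caller's `fifo_file`), yet the header comment still says only `mta_send_mail(domain)`. Anyone adding a call to this interface also widens what system_mail_t can reach, so the header should say so, for example `# Run sendmail in system_mail_t; also lets system_mail_t use the` / `# caller's fds, read/write its pipes and send it sigchld.` It is also worth confirming that `write append` on the caller's pipes is needed by every caller rather than only `read getattr`, since the callers are not shown on this page. Users of the old name `mta_send_mail_transition` are likewise outside this hunk and would need updating in the same change.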