selinux-policy/policy/modules/services/mailman.te


policy_module(mailman, 1.6.2)

########################################
#
# Declarations
#

mailman_domain_template(cgi)

type mailman_data_t;
files_type(mailman_data_t)

type mailman_archive_t;
files_type(mailman_archive_t)

type mailman_log_t;
logging_log_file(mailman_log_t)

type mailman_lock_t;
files_lock_file(mailman_lock_t)

mailman_domain_template(mail)
init_daemon_domain(mailman_mail_t, mailman_mail_exec_t)

mailman_domain_template(queue)

########################################
#
# Mailman CGI local policy
#

# cjp: the template invocation for cgi should be
# in the below optional policy; however, there are no
# optionals for file contexts yet, so it is promoted
# to global scope until such facilities exist.

optional_policy(`
	dev_read_urand(mailman_cgi_t)

	manage_dirs_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)
	manage_files_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)
	manage_lnk_files_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)

	files_search_spool(mailman_cgi_t)

	term_use_controlling_term(mailman_cgi_t)

	# for python pre-compile foolishness
	libs_dontaudit_write_lib_dirs(mailman_cgi_t)

	apache_sigchld(mailman_cgi_t)
	apache_use_fds(mailman_cgi_t)
	apache_dontaudit_append_log(mailman_cgi_t)
	apache_search_sys_script_state(mailman_cgi_t)

	optional_policy(`
		nscd_socket_use(mailman_cgi_t)
	')
')

########################################
#
# Mailman mail local policy
#

allow mailman_mail_t self:unix_dgram_socket create_socket_perms;

mta_dontaudit_rw_delivery_tcp_sockets(mailman_mail_t)

ifdef(`TODO',`
optional_policy(`
	allow mailman_mail_t qmail_spool_t:file { read ioctl getattr };
	# do we really need this?
	allow mailman_mail_t qmail_lspawn_t:fifo_file write;
')
')

########################################
#
# Mailman queue local policy
#

allow mailman_queue_t self:capability { setgid setuid };
allow mailman_queue_t self:process signal;
allow mailman_queue_t self:fifo_file rw_fifo_file_perms;
allow mailman_queue_t self:unix_dgram_socket create_socket_perms;

manage_dirs_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)
manage_files_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)
manage_lnk_files_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)

kernel_read_proc_symlinks(mailman_queue_t)

auth_domtrans_chk_passwd(mailman_queue_t)

files_dontaudit_search_pids(mailman_queue_t)

# for su
seutil_dontaudit_search_config(mailman_queue_t)

# some of the following could probably be changed to dontaudit, someone who
# knows mailman well should test this out and send the changes
userdom_search_user_home_dirs(mailman_queue_t)

su_exec(mailman_queue_t)

optional_policy(`
	cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
')
add mailman 2005-10-11 15:36:53 +00:00
trunk: Remove node definitions and change node usage to generic nodes. 2009-01-09 19:48:02 +00:00			`policy_module(mailman, 1.6.2)`
add mailman 2005-10-11 15:36:53 +00:00
			`########################################`
			`#`
			`# Declarations`
			`#`

			`mailman_domain_template(cgi)`

			`type mailman_data_t;`
			`files_type(mailman_data_t)`

			`type mailman_archive_t;`
			`files_type(mailman_archive_t)`

			`type mailman_log_t;`
			`logging_log_file(mailman_log_t)`

			`type mailman_lock_t;`
			`files_lock_file(mailman_lock_t)`

			`mailman_domain_template(mail)`
trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00			`init_daemon_domain(mailman_mail_t, mailman_mail_exec_t)`
add mailman 2005-10-11 15:36:53 +00:00
			`mailman_domain_template(queue)`

			`########################################`
			`#`
			`# Mailman CGI local policy`
			`#`

patch from dan Wed, 26 Jul 2006 14:42:46 -0400 2006-07-28 15:13:58 +00:00			`# cjp: the template invocation for cgi should be`
add mailman 2005-10-11 15:36:53 +00:00			`# in the below optional policy; however, there are no`
			`# optionals for file contexts yet, so it is promoted`
			`# to global scope until such facilities exist.`

deprecate module name as first parameter of optional_policy() 2006-03-24 16:13:54 +00:00			optional_policy(`
patch from dan Wed, 26 Jul 2006 14:42:46 -0400 2006-07-28 15:13:58 +00:00			`dev_read_urand(mailman_cgi_t)`

trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00			`manage_dirs_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)`
			`manage_files_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)`
			`manage_lnk_files_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)`
add mailman 2005-10-11 15:36:53 +00:00
patch from russell, Thu, 5 Oct 2006 22:44:49 +1000 Allow unconfined processes to see unlabeled processes in ps. Removed a redundant rule in samba.te Removed support for the pre-Fedora Red Hat code to create sym-links in /boot. Removed support for devpts_t files in /tmp (there is no way that would ever work). Allowed postgrey to create socket files. Made the specs for the /lib and /lib64 directories better support stem compression. 2006-10-05 19:57:37 +00:00			`files_search_spool(mailman_cgi_t)`
add mailman 2005-10-11 15:36:53 +00:00
			`term_use_controlling_term(mailman_cgi_t)`

patch from russell, Thu, 5 Oct 2006 22:44:49 +1000 Allow unconfined processes to see unlabeled processes in ps. Removed a redundant rule in samba.te Removed support for the pre-Fedora Red Hat code to create sym-links in /boot. Removed support for devpts_t files in /tmp (there is no way that would ever work). Allowed postgrey to create socket files. Made the specs for the /lib and /lib64 directories better support stem compression. 2006-10-05 19:57:37 +00:00			`# for python pre-compile foolishness`
			`libs_dontaudit_write_lib_dirs(mailman_cgi_t)`
add mailman 2005-10-11 15:36:53 +00:00
			`apache_sigchld(mailman_cgi_t)`
make (almost) all interface parameters required. move boot_t, system_map_t, and modules_object_t to files module. fd use interface renames, udp sendto interface renames. 2006-03-02 23:41:11 +00:00			`apache_use_fds(mailman_cgi_t)`
add mailman 2005-10-11 15:36:53 +00:00			`apache_dontaudit_append_log(mailman_cgi_t)`
fix several modular build problems 2005-11-29 21:27:15 +00:00			`apache_search_sys_script_state(mailman_cgi_t)`
patch from dan Wed, 26 Jul 2006 14:42:46 -0400 2006-07-28 15:13:58 +00:00
			optional_policy(`
			`nscd_socket_use(mailman_cgi_t)`
			`')`
add mailman 2005-10-11 15:36:53 +00:00			`')`

			`########################################`
			`#`
			`# Mailman mail local policy`
			`#`

			`allow mailman_mail_t self:unix_dgram_socket create_socket_perms;`

another slew of renaming 2006-02-02 21:08:12 +00:00			`mta_dontaudit_rw_delivery_tcp_sockets(mailman_mail_t)`
add mailman 2005-10-11 15:36:53 +00:00
			ifdef(`TODO',`
deprecate module name as first parameter of optional_policy() 2006-03-24 16:13:54 +00:00			optional_policy(`
add mailman 2005-10-11 15:36:53 +00:00			`allow mailman_mail_t qmail_spool_t:file { read ioctl getattr };`
			`# do we really need this?`
			`allow mailman_mail_t qmail_lspawn_t:fifo_file write;`
			`')`
			`')`

			`########################################`
			`#`
			`# Mailman queue local policy`
			`#`

			`allow mailman_queue_t self:capability { setgid setuid };`
			`allow mailman_queue_t self:process signal;`
merge policy patterns to trunk 2006-12-12 20:08:08 +00:00			`allow mailman_queue_t self:fifo_file rw_fifo_file_perms;`
add mailman 2005-10-11 15:36:53 +00:00			`allow mailman_queue_t self:unix_dgram_socket create_socket_perms;`

trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00			`manage_dirs_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)`
			`manage_files_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)`
			`manage_lnk_files_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)`
add mailman 2005-10-11 15:36:53 +00:00
			`kernel_read_proc_symlinks(mailman_queue_t)`

			`auth_domtrans_chk_passwd(mailman_queue_t)`

			`files_dontaudit_search_pids(mailman_queue_t)`

			`# for su`
			`seutil_dontaudit_search_config(mailman_queue_t)`

			`# some of the following could probably be changed to dontaudit, someone who`
			`# knows mailman well should test this out and send the changes`
trunk: merge UBAC. 2008-11-05 16:10:46 +00:00			`userdom_search_user_home_dirs(mailman_queue_t)`

			`su_exec(mailman_queue_t)`
add mailman 2005-10-11 15:36:53 +00:00
deprecate module name as first parameter of optional_policy() 2006-03-24 16:13:54 +00:00			optional_policy(`
trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00			`cron_system_entry(mailman_queue_t, mailman_queue_exec_t)`
add mailman 2005-10-11 15:36:53 +00:00			`')`