From 02b584a174d1d50bff5d0dbf0ef0472041a1a473 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Tue, 7 Jun 2005 15:10:43 +0000 Subject: [PATCH] initial commit --- refpolicy/policy/modules/services/sendmail.fc | 8 +++++ refpolicy/policy/modules/services/sendmail.if | 34 +++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 refpolicy/policy/modules/services/sendmail.fc create mode 100644 refpolicy/policy/modules/services/sendmail.if diff --git a/refpolicy/policy/modules/services/sendmail.fc b/refpolicy/policy/modules/services/sendmail.fc new file mode 100644 index 00000000..87298d24 --- /dev/null +++ b/refpolicy/policy/modules/services/sendmail.fc @@ -0,0 +1,8 @@ +# sendmail file contexts +/etc/mail(/.*)? context_template(system_u:object_r:etc_mail_t,s0) + +/var/log/sendmail\.st -- context_template(system_u:object_r:sendmail_log_t,s0) +/var/log/mail(/.*)? context_template(system_u:object_r:sendmail_log_t,s0) + +/var/run/sendmail\.pid -- context_template(system_u:object_r:sendmail_var_run_t,s0) +/var/run/sm-client\.pid -- context_template(system_u:object_r:sendmail_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if new file mode 100644 index 00000000..af78e0fe --- /dev/null +++ b/refpolicy/policy/modules/services/sendmail.if @@ -0,0 +1,34 @@ +## +## Policy for sendmail. + +######################################## +## +## +## Domain transition to sendmail. +## +## +## The type of the process performing this action. +## +## +## +# +define(`sendmail_domtrans',` + requires_block_template(`$0'_depend) + + domain_auto_trans($1,sendmail_exec_t,sendmail_t) + + allow $1 sendmail_t:fd use; + allow sendmail_t $1:fd use; + allow sendmail_t $1:fifo_file rw_file_perms; + allow sendmail_t $1:process sigchld; +') + +define(`sendmail_domtrans_depend',` + type sendmail_exec_t, sendmail_t; + + class process sigchld; + class fd use; + class fifo_file rw_file_perms; +') + +##