trunk: Milter state directory patch from Paul Howarth.
parent
a5ef553c2d
commit
0cf1d56018
|
@ -1,3 +1,4 @@
|
||||||
|
- Milter state directory patch from Paul Howarth.
|
||||||
- Add MLS constrains for ingress/egress and secmark from Paul Moore.
|
- Add MLS constrains for ingress/egress and secmark from Paul Moore.
|
||||||
- Drop write permission from fs_read_rpc_sockets().
|
- Drop write permission from fs_read_rpc_sockets().
|
||||||
- Remove unused udev_runtime_t type.
|
- Remove unused udev_runtime_t type.
|
||||||
|
|
|
@ -2,5 +2,7 @@
|
||||||
/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
|
/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
|
||||||
|
|
||||||
/usr/sbin/spamass-milter -- gen_context(system_u:object_r:spamass_milter_exec_t,s0)
|
/usr/sbin/spamass-milter -- gen_context(system_u:object_r:spamass_milter_exec_t,s0)
|
||||||
|
|
||||||
|
/var/lib/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_state_t,s0)
|
||||||
/var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
/var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
||||||
/var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
/var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
||||||
|
|
|
@ -77,3 +77,24 @@ interface(`milter_getattr_all_sockets',`
|
||||||
getattr_dirs_pattern($1, milter_data_type, milter_data_type)
|
getattr_dirs_pattern($1, milter_data_type, milter_data_type)
|
||||||
getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
|
getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Manage spamassassin milter state
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`milter_manage_spamass_state',`
|
||||||
|
gen_require(`
|
||||||
|
type spamass_milter_state_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_var_lib($1)
|
||||||
|
manage_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
|
||||||
|
manage_dirs_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
|
||||||
|
manage_lnk_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
|
||||||
|
')
|
||||||
|
|
|
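Review bot: The summary of `milter_manage_spamass_state` understates what the interface grants: the body gives the caller create, write and delete access to files, directories and symbolic links labelled `spamass_milter_state_t`, while the doc block only says "Manage spamassassin milter state". I would name the object classes in the summary, for example `## Manage spamassassin milter state files, directories and symbolic links.`, so a policy author calling it can see how broad the grant is. It is also worth confirming that `manage_lnk_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)` is needed; nothing visible in this commit shows a caller that creates symlinks there, and dropping the line would keep the interface to the file and directory access that the preferences and bayes database use described in milter.te appears to need.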
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(milter, 1.0.0)
|
policy_module(milter, 1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -14,6 +14,12 @@ attribute milter_data_type;
|
||||||
milter_template(regex)
|
milter_template(regex)
|
||||||
milter_template(spamass)
|
milter_template(spamass)
|
||||||
|
|
||||||
|
# Type for the spamass-milter home directory, under which spamassassin will
|
||||||
|
# store system-wide preferences, bayes databases etc. if not configured to
|
||||||
|
# use per-user configuration
|
||||||
|
type spamass_milter_state_t;
|
||||||
|
files_type(spamass_milter_state_t)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# milter-regex local policy
|
# milter-regex local policy
|
||||||
|
@ -41,6 +47,10 @@ mta_read_config(regex_milter_t)
|
||||||
# http://savannah.nongnu.org/projects/spamass-milt/
|
# http://savannah.nongnu.org/projects/spamass-milt/
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# The milter runs from /var/lib/spamass-milter
|
||||||
|
allow spamass_milter_t spamass_milter_state_t:dir search_dir_perms;
|
||||||
|
files_search_var_lib(spamass_milter_t)
|
||||||
|
|
||||||
kernel_read_system_state(spamass_milter_t)
|
kernel_read_system_state(spamass_milter_t)
|
||||||
|
|
||||||
# When used with -b or -B options, the milter invokes sendmail to send mail
|
# When used with -b or -B options, the milter invokes sendmail to send mail
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(spamassassin, 2.1.2)
|
policy_module(spamassassin, 2.1.3)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -279,6 +279,11 @@ optional_policy(`
|
||||||
evolution_stream_connect(spamc_t)
|
evolution_stream_connect(spamc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
# Needed for pyzor/razor called from spamd
|
||||||
|
milter_manage_spamass_state(spamc_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
nis_use_ypbind(spamc_t)
|
nis_use_ypbind(spamc_t)
|
||||||
')
|
')
|
||||||
|
@ -418,6 +423,10 @@ optional_policy(`
|
||||||
dcc_stream_connect_dccifd(spamd_t)
|
dcc_stream_connect_dccifd(spamd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
milter_manage_spamass_state(spamd_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
mysql_search_db(spamd_t)
|
mysql_search_db(spamd_t)
|
||||||
mysql_stream_connect(spamd_t)
|
mysql_stream_connect(spamd_t)
|
||||||
|
|
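Review bot: The comment `# Needed for pyzor/razor called from spamd` is attached to the `milter_manage_spamass_state(spamc_t)` call, while the `milter_manage_spamass_state(spamd_t)` call in the later hunk has no comment, so the stated reason names one domain and the grant covers another. I would move that comment above the `spamd_t` call and give the `spamc_t` block its own one-line reason from the author. Both calls give full manage access to the milter state directory, so if the client domain only reads preferences from it (not visible from this page), a read-only interface would be the tighter grant for `spamc_t`.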