diff --git a/Changelog b/Changelog
index a618ed28..8bb11814 100644
--- a/Changelog
+++ b/Changelog
@@ -10,6 +10,7 @@ - Add missing compatibility aliases for xdm_xserver*_t types. - Added modules: abrt (Dan Walsh) + dkim (Stefan Schulze Frielinghaus) gitosis (Miroslav Grepl) gnomeclock (Dan Walsh) hddtemp (Dan Walsh)
diff --git a/policy/modules/services/dkim.fc b/policy/modules/services/dkim.fc
new file mode 100644
index 00000000..dc1056c5
--- /dev/null
+++ b/policy/modules/services/dkim.fc
@@ -0,0 +1,9 @@
+/etc/mail/dkim-milter/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+
+/usr/sbin/dkim-filter -- gen_context(system_u:object_r:dkim_milter_exec_t,s0)
+
+/var/db/dkim(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+
+/var/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0)
diff --git a/policy/modules/services/dkim.if b/policy/modules/services/dkim.if
new file mode 100644
index 00000000..32d108ad
--- /dev/null
+++ b/policy/modules/services/dkim.if
@@ -0,0 +1 @@
+## DomainKeys Identified Mail milter.
diff --git a/policy/modules/services/dkim.te b/policy/modules/services/dkim.te
new file mode 100644
index 00000000..7c01d0e1
--- /dev/null
+++ b/policy/modules/services/dkim.te
@@ -0,0 +1,32 @@
+
+policy_module(dkim, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+milter_template(dkim)
+
+# Type for the private key of dkim-filter
+type dkim_milter_private_key_t;
+files_type(dkim_milter_private_key_t)
+
+########################################
+#
+# Local policy
+#
+
+allow dkim_milter_t self:capability { setgid setuid };
+
+read_files_pattern(dkim_milter_t, dkim_milter_private_key_t, dkim_milter_private_key_t)
+
+kernel_read_kernel_sysctls(dkim_milter_t)
+
+dev_read_urand(dkim_milter_t)
+
+files_read_etc_files(dkim_milter_t)
+
+sysnet_dns_name_resolve(dkim_milter_t)
+
+mta_read_config(dkim_milter_t)
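Review bot: `files_type(dkim_milter_private_key_t)` leaves the DKIM signing key in the generic file-type attribute, so any domain that is granted attribute-wide read access to files would be allowed to read the key, not only `dkim_milter_t`. If the tree at this revision provides it, declaring the type with `files_security_file(dkim_milter_private_key_t)` instead would keep the key out of the non-security-file interfaces; confirm against the files module before changing it. The `read_files_pattern` rule already keeps the milter itself read-only on the key, which is the right scope. The `self:capability { setgid setuid }` line would also benefit from a why-comment such as `# dkim-filter is started as root and switches to an unprivileged user` (presumed from the capability set; verify against the daemon).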