services interfaces review
parent
7f2e39b8e6
commit
5e6f9e5aac
@ -244,13 +244,11 @@ define(`cron_admin_template',`
|
||||
# cron_rw_log(domain)
|
||||
#
|
||||
define(`cron_rw_log',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type crond_log_t;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
allow $1 crond_log_t:file rw_file_perms;
|
||||
')
|
||||
|
||||
define(`cron_rw_log_depend',`
|
||||
type crond_log_t;
|
||||
|
||||
class file rw_file_perms;
|
||||
')
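Review bot: cron_rw_log is still documented only by the legacy `# cron_rw_log(domain)` header, whereas mta_read_aliases elsewhere in this commit has a `## <interface name="...">` block with a `## <description>`. The interface grants the calling domain `rw_file_perms` on `crond_log_t` files, so policy reviewers should be able to see from the documentation that a caller becomes able to modify cron's log. I would add an `## <interface name="cron_rw_log">` block whose description says the domain may read and write cron log files and names `$1` as the domain being granted access. The hunk starts inside the file, so any existing documentation above line 244 is not visible here.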
|
||||
|
@ -8,8 +8,6 @@
|
||||
# mta_per_userdomain_template(userdomain_prefix)
|
||||
#
|
||||
define(`mta_per_userdomain_template',`
|
||||
gen_require(`$0'_depend)
|
||||
|
||||
type $1_mail_t; # , user_mail_domain, nscd_client_domain;
|
||||
domain_type($1_mail_t)
|
||||
role $1_r types $1_mail_t;
|
||||
@ -136,45 +134,43 @@ define(`mta_per_userdomain_template',`
|
||||
') dnl end TODO
|
||||
')
|
||||
|
||||
define(`mta_per_userdomain_template_depend',`
|
||||
|
||||
')
|
||||
|
||||
#######################################
|
||||
#
|
||||
# mta_mailserver(domain,entrypointtype)
|
||||
#
|
||||
define(`mta_mailserver',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
attribute mailserver_domain;
|
||||
')
|
||||
|
||||
init_daemon_domain($1,$2)
|
||||
typeattribute $1 mailserver_domain;
|
||||
')
|
||||
|
||||
define(`mta_mailserver_depend',`
|
||||
attribute mailserver_domain;
|
||||
')
|
||||
|
||||
#######################################
|
||||
#
|
||||
# mta_sendmail_mailserver(domain,entrypointtype)
|
||||
#
|
||||
define(`mta_sendmail_mailserver',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type sendmail_exec_t;
|
||||
')
|
||||
|
||||
mta_mailserver($1,sendmail_exec_t)
|
||||
')
|
||||
|
||||
define(`mta_sendmail_mailserver_depend',`
|
||||
type sendmail_exec_t;
|
||||
')
|
||||
|
||||
#######################################
|
||||
#
|
||||
# mta_send_mail(domain)
|
||||
#
|
||||
define(`mta_send_mail',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type system_mail_t, sendmail_exec_t;
|
||||
class lnk_file r_file_perms;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 sendmail_exec_t:lnk_file r_file_perms;
|
||||
domain_auto_trans($1, sendmail_exec_t, system_mail_t)
|
||||
@ -185,32 +181,18 @@ define(`mta_send_mail',`
|
||||
allow system_mail_t $1:process sigchld;
|
||||
')
|
||||
|
||||
define(`mta_send_mail_depend',`
|
||||
type system_mail_t, sendmail_exec_t;
|
||||
|
||||
class file { getattr read execute };
|
||||
class lnk_file r_file_perms;
|
||||
class process { transition noatsecure siginh rlimitinh sigchld };
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
#######################################
|
||||
#
|
||||
# mta_exec(domain)
|
||||
#
|
||||
define(`mta_exec',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type sendmail_exec_t;
|
||||
')
|
||||
|
||||
can_exec($1, sendmail_exec_t)
|
||||
')
|
||||
|
||||
define(`mta_exec_depend',`
|
||||
type sendmail_exec_t;
|
||||
|
||||
class file { getattr read execute execute_no_trans };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <interface name="mta_read_aliases">
|
||||
## <description>
|
||||
@ -222,39 +204,40 @@ define(`mta_exec_depend',`
|
||||
## </interface>
|
||||
#
|
||||
define(`mta_read_aliases',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type etc_aliases_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
allow $1 etc_aliases_t:file r_file_perms;
|
||||
')
|
||||
|
||||
define(`mta_read_aliases_depend',`
|
||||
type etc_aliases_t;
|
||||
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
#######################################
|
||||
#
|
||||
# mta_rw_aliases(domain)
|
||||
#
|
||||
define(`mta_rw_aliases',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type etc_aliases_t;
|
||||
class file { rw_file_perms setattr };
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
allow sendmail_t etc_aliases_t:file { rw_file_perms setattr };
|
||||
')
|
||||
|
||||
define(`mta_rw_aliases_depend',`
|
||||
type etc_aliases_t;
|
||||
|
||||
class file { rw_file_perms setattr };
|
||||
')
|
||||
|
||||
#######################################
|
||||
#
|
||||
# mta_getattr_spool(domain)
|
||||
#
|
||||
define(`mta_getattr_spool',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type mail_spool_t;
|
||||
class dir r_dir_perms;
|
||||
class file getattr;
|
||||
class lnk_file read;
|
||||
')
|
||||
|
||||
files_search_spool($1)
|
||||
allow $1 mail_spool_t:dir r_dir_perms;
|
||||
@ -262,68 +245,52 @@ define(`mta_getattr_spool',`
|
||||
allow $1 mail_spool_t:file getattr;
|
||||
')
|
||||
|
||||
define(`mta_getattr_spool_depend',`
|
||||
type mail_spool_t;
|
||||
|
||||
class dir r_dir_perms;
|
||||
class file getattr;
|
||||
class lnk_file read;
|
||||
')
|
||||
|
||||
#######################################
|
||||
#
|
||||
# mta_rw_spool(domain)
|
||||
#
|
||||
define(`mta_rw_spool',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type mail_spool_t;
|
||||
class dir r_dir_perms;
|
||||
class file { rw_file_perms setattr };
|
||||
')
|
||||
|
||||
files_search_spool($1)
|
||||
allow $1 mail_spool_t:dir rw_dir_perms;
|
||||
allow $1 mail_spool_t:dir r_dir_perms;
|
||||
allow $1 mail_spool_t:file { rw_file_perms setattr };
|
||||
')
|
||||
|
||||
define(`mta_rw_spool_depend',`
|
||||
type mail_spool_t;
|
||||
|
||||
class dir rw_dir_perms;
|
||||
class file { rw_file_perms setattr };
|
||||
')
|
||||
|
||||
#######################################
|
||||
#
|
||||
# mta_manage_spool(domain)
|
||||
#
|
||||
define(`mta_manage_spool',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type mail_spool_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
files_search_spool($1)
|
||||
allow $1 mail_spool_t:dir rw_dir_perms;
|
||||
allow $1 mail_spool_t:file create_file_perms;
|
||||
')
|
||||
|
||||
define(`mta_manage_spool_depend',`
|
||||
type mail_spool_t;
|
||||
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
#######################################
|
||||
#
|
||||
# mta_manage_queue(domain)
|
||||
#
|
||||
define(`mta_manage_queue',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type mqueue_spool_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
# FIXME: search /var/spool dir
|
||||
allow $1 mqueue_spool_t:dir rw_dir_perms;
|
||||
allow $1 mqueue_spool_t:file create_file_perms;
|
||||
')
|
||||
|
||||
define(`mta_manage_queue_depend',`
|
||||
type mqueue_spool_t;
|
||||
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
## </module>
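Review bot: In mta_rw_aliases the allow rule names `sendmail_t` instead of the interface argument: `allow sendmail_t etc_aliases_t:file { rw_file_perms setattr };`. As far as the rendered page shows, the new inline `gen_require` for this interface declares only `etc_aliases_t`, so `sendmail_t` is referenced without being required. The effect is also not what the name promises: the caller gets only `files_search_etc($1)`, while every use of the interface re-grants write and setattr on the aliases file to sendmail. The rule should read `allow $1 etc_aliases_t:file { rw_file_perms setattr };`. If sendmail itself needs this access, that belongs in its own policy through a call to this interface.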
|
||||
|
@ -12,13 +12,11 @@
|
||||
## </interface>
|
||||
#
|
||||
define(`remotelogin_domtrans',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type remote_login_t;
|
||||
')
|
||||
|
||||
auth_domtrans_login_program($1,remote_login_t)
|
||||
')
|
||||
|
||||
define(`remotelogin_domtrans_depend',`
|
||||
type remote_login_t;
|
||||
')
|
||||
|
||||
## </module>
|
||||
|
@ -12,8 +12,15 @@
|
||||
## </interface>
|
||||
#
|
||||
define(`sendmail_domtrans',`
|
||||
gen_require(`$0'_depend)
|
||||
gen_require(`
|
||||
type sendmail_exec_t, sendmail_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
corecmd_search_sbin($1)
|
||||
domain_auto_trans($1,sendmail_exec_t,sendmail_t)
|
||||
|
||||
allow $1 sendmail_t:fd use;
|
||||
@ -22,12 +29,4 @@ define(`sendmail_domtrans',`
|
||||
allow sendmail_t $1:process sigchld;
|
||||
')
|
||||
|
||||
define(`sendmail_domtrans_depend',`
|
||||
type sendmail_exec_t, sendmail_t;
|
||||
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
## </module>
|
||||
|