diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if index 67198fe2..157647e5 100644 --- a/refpolicy/policy/modules/services/mta.if +++ b/refpolicy/policy/modules/services/mta.if @@ -224,6 +224,12 @@ template(`mta_per_userdomain_template',` userdom_manage_user_home_subdir_pipes($1,mailserver_delivery) userdom_manage_user_home_subdir_sockets($1,mailserver_delivery) userdom_filetrans_user_home($1,mailserver_delivery,{ dir file lnk_file fifo_file sock_file }) + # Read user temporary files. + userdom_read_user_tmp_files($1,$1_mail_t) + userdom_dontaudit_append_user_tmp_files($1,$1_mail_t) + # cjp: this should probably be read all user tmp + # files in an appropriate place for mta_user_agent + userdom_read_user_tmp_files($1,mta_user_agent) tunable_policy(`use_samba_home_dirs',` fs_manage_cifs_files($1_mail_t) @@ -232,21 +238,17 @@ template(`mta_per_userdomain_template',` optional_policy(`postfix',` allow $1_mail_t self:capability dac_override; + + # Read user temporary files. + # postfix seems to need write access if the file handle is opened read/write + userdom_rw_user_tmp_files($1,$1_mail_t) + postfix_read_config($1_mail_t) postfix_list_spool($1_mail_t) ') + ifdef(`TODO',` - # Read user temporary files. - allow $1_mail_t $1_tmp_t:file r_file_perms; - dontaudit $1_mail_t $1_tmp_t:file append; - ifdef(`postfix.te',` - # postfix seems to need write access if the file handle is opened read/write - allow $1_mail_t $1_tmp_t:file write; - ') - - allow mta_user_agent $1_tmp_t:file r_file_perms; - # if you do not want to allow dead.letter then use the following instead #allow $1_mail_t { $1_home_dir_t $1_home_t }:dir r_dir_perms; #allow $1_mail_t $1_home_t:file r_file_perms; diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if index dab09220..446282ea 100644 --- a/refpolicy/policy/modules/services/postfix.if +++ b/refpolicy/policy/modules/services/postfix.if 
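Review bot: In the first mta.if hunk, `userdom_read_user_tmp_files($1,mta_user_agent)` grants read on this user's temporary files to every domain carrying the mta_user_agent attribute, once per user prefix the template is instantiated for. The `cjp` comment above it already marks the placement as provisional. The equivalent raw rule is removed from the ifdef TODO block in the next hunk, so this appears to be the first time the grant is live policy. The `userdom_dontaudit_append_user_tmp_files($1,$1_mail_t)` line has no comment of its own, and because it hides AVC denials from whoever reads the audit log later, I would add `# Append to user tmp files stays denied; only the audit record is suppressed.` above it. mta_per_userdomain_template begins and ends outside the hunk.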
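Review bot: In the second mta.if hunk, the postfix branch's `userdom_rw_user_tmp_files($1,$1_mail_t)` is wider than the rule it replaces. The removed line was `allow $1_mail_t $1_tmp_t:file write;`, while the interface defined later in this commit also calls `files_search_tmp($2)` and grants `$1_tmp_t:dir r_dir_perms` and `$1_tmp_t:file rw_file_perms`. The definition of rw_file_perms is not on this page; if it includes append, the dontaudit added in the previous hunk becomes moot for $1_mail_t whenever postfix is enabled. If the only requirement is writing through an inherited read/write descriptor, a narrower interface would keep the mail domain from listing the user's tmp directory. Otherwise record the widening next to the call, e.g. `# grants dir listing and rw_file_perms on user tmp, wider than the old write-only rule`.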
@@ -157,11 +157,10 @@ template(`postfix_user_domain_template',` template(`postfix_per_userdomain_template',` gen_require(` attribute postfix_user_domains; + type postfix_postdrop_t; ') - # cjp: perhaps this should actually be $3 - # instead of just sysadm_r? - #role sysadm_r types postfix_user_domains; + role $3 types postfix_postdrop_t; allow postfix_user_domains $2:process sigchld; allow postfix_user_domains $2:fifo_file { write getattr }; diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index d0e73f35..82c01177 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if @@ -1915,6 +1915,76 @@ template(`userdom_dontaudit_read_user_tmp_files',` dontaudit $2 $1_tmp_t:file r_file_perms; ') +######################################## +## +## Do not audit attempts to append users +## temporary files. +## +## +##
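Review bot: The new `role $3 types postfix_postdrop_t;` in the postfix.if hunk carries no comment, and the lines it replaces held the only explanation of the role statement. The commented-out version named the whole postfix_user_domains attribute, whereas the new one authorizes a single type, so any other member of that attribute stays unauthorized for role $3. If that narrowing is deliberate, I would say so with `# Only postdrop is authorized for the user's role; other postfix_user_domains members are not.` above the statement. The hunk does not show how $3 is documented in the template header, and postfix_per_userdomain_template continues past the hunk, so the parameter description should be checked against this use.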

+## Do not audit attempts to append users +## temporary files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## +## +## Domain to not audit. +## +## +# +template(`userdom_dontaudit_append_user_tmp_files',` + gen_require(` + type $1_tmp_t; + ') + + dontaudit $2 $1_tmp_t:file append; +') + +######################################## +## +## Read and write user temporary files. +## +## +##

+## Read and write user temporary files. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## +## +## Domain allowed access. +## +## +# +template(`userdom_rw_user_tmp_files',` + gen_require(` + type $1_tmp_t; + ') + + files_search_tmp($2) + allow $2 $1_tmp_t:dir r_dir_perms; + allow $2 $1_tmp_t:file rw_file_perms; +') + ######################################## ## ## Read user