Various amavis fixes.

Create amavis_initrc_domtrans.
Call amavis_initrc_domtrans from amavis_admin.
Remove obsolete require.
Allow domains to search bin to enable run amavis executable.

Signed-off-by: Dominick Grift <domg472@gmail.com>
This commit is contained in:
Dominick Grift 2010-02-24 13:00:42 +01:00 committed by Chris PeBenito
parent 402bbb9fe9
commit 88340b904a

View File

@ -18,9 +18,28 @@ interface(`amavis_domtrans',`
type amavis_t, amavis_exec_t; type amavis_t, amavis_exec_t;
') ')
corecmd_search_bin($1)
domtrans_pattern($1, amavis_exec_t, amavis_t) domtrans_pattern($1, amavis_exec_t, amavis_t)
') ')
########################################
## <summary>
## Execute amavis server in the amavis domain.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`amavis_initrc_domtrans',`
gen_require(`
type afs_initrc_exec_t;
')
init_labeled_script_domtrans($1, amavis_initrc_exec_t)
')
######################################## ########################################
## <summary> ## <summary>
## Read amavis spool files. ## Read amavis spool files.
@ -209,13 +228,12 @@ interface(`amavis_admin',`
type amavis_t, amavis_tmp_t, amavis_var_log_t; type amavis_t, amavis_tmp_t, amavis_var_log_t;
type amavis_spool_t, amavis_var_lib_t, amavis_var_run_t; type amavis_spool_t, amavis_var_lib_t, amavis_var_run_t;
type amavis_etc_t, amavis_quarantine_t; type amavis_etc_t, amavis_quarantine_t;
type amavis_initrc_exec_t;
') ')
allow $1 amavis_t:process { ptrace signal_perms }; allow $1 amavis_t:process { ptrace signal_perms };
ps_process_pattern($1, amavis_t) ps_process_pattern($1, amavis_t)
init_labeled_script_domtrans($1, amavis_initrc_exec_t) amavis_initrc_domtrans($1)
domain_system_change_exemption($1) domain_system_change_exemption($1)
role_transition $2 amavis_initrc_exec_t system_r; role_transition $2 amavis_initrc_exec_t system_r;
allow $2 system_r; allow $2 system_r;