diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if index 479e58d0..20ecf477 100644 --- a/refpolicy/policy/modules/services/mta.if +++ b/refpolicy/policy/modules/services/mta.if @@ -114,6 +114,17 @@ template(`mta_per_userdomain_template',` userdom_use_user_terminals($1,$1_mail_t) # Write to the user domain tty. cjp: why? userdom_use_user_terminals($1,mta_user_agent) + # Create dead.letter in user home directories. + userdom_manage_user_home_subdir_files($1,$1_mail_t) + userdom_create_user_home($1,$1_mail_t,file) + # for reading .forward - maybe we need a new type for it? + # also for delivering mail to maildir + userdom_manage_user_home_subdirs($1,mailserver_delivery) + userdom_manage_user_home_subdir_files($1,mailserver_delivery) + userdom_manage_user_home_subdir_symlinks($1,mailserver_delivery) + userdom_manage_user_home_subdir_pipes($1,mailserver_delivery) + userdom_manage_user_home_subdir_sockets($1,mailserver_delivery) + userdom_create_user_home($1,mailserver_delivery,{ dir file lnk_file fifo_file sock_file }) tunable_policy(`use_samba_home_dirs',` fs_manage_cifs_files($1_mail_t) @@ -153,16 +164,10 @@ template(`mta_per_userdomain_template',` # Inherit and use descriptors from gnome-pty-helper. ifdef(`gnome-pty-helper.te', `allow $1_mail_t $1_gph_t:fd use;') - # Create dead.letter in user home directories. - file_type_auto_trans($1_mail_t, $1_home_dir_t, $1_home_t, file) # if you do not want to allow dead.letter then use the following instead #allow $1_mail_t { $1_home_dir_t $1_home_t }:dir r_dir_perms; #allow $1_mail_t $1_home_t:file r_file_perms; - # for reading .forward - maybe we need a new type for it? - # also for delivering mail to maildir - file_type_auto_trans(mailserver_delivery, $1_home_dir_t, $1_home_t) - ifdef(`qmail.te', ` allow $1_mail_t qmail_etc_t:dir search; allow $1_mail_t qmail_etc_t:{ file lnk_file } read; 
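Review bot: The five `userdom_manage_user_home_subdir_*($1,mailserver_delivery)` calls plus `userdom_create_user_home($1,mailserver_delivery,{ dir file lnk_file fifo_file sock_file })` give every domain carrying `mailserver_delivery` create/modify/delete rights over directories, files, symlinks, pipes and sockets anywhere under the user's home, while the comment carried over from the removed rule names only two uses (reading `.forward`, delivering to a maildir). Since the comment `# for reading .forward - maybe we need a new type for it?` predates this rewrite, it should now state the actual scope so the over-grant is visible to the next reader, e.g. `# NOTE: until a dedicated .forward/maildir type exists, mailserver_delivery may create, modify and delete every file class under the user home`. Whether this is wider than the `file_type_auto_trans` it replaces cannot be told from the hunk, but the new form spells the breadth out and the comment should match it. `mta_per_userdomain_template` begins before the hunk.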
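Review bot: The commented-out alternative left in place after the removal, `#allow $1_mail_t { $1_home_dir_t $1_home_t }:dir r_dir_perms;` and `#allow $1_mail_t $1_home_t:file r_file_perms;` under `# if you do not want to allow dead.letter then use the following instead`, no longer mirrors the rule it is meant to replace: the live dead.letter grant moved to `userdom_manage_user_home_subdir_files($1,$1_mail_t)` and `userdom_create_user_home($1,$1_mail_t,file)` earlier in the template, and these are now the only lines here that still reference the raw `$1_home_dir_t`/`$1_home_t` types. A maintainer following the comment would reintroduce exactly the direct type references this commit removes. Either drop the stale alternative or restate it in the same interface vocabulary, and mention that the grant it swaps out now lives in the block near the top of the template. The template continues outside the hunk.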
@@ -254,10 +259,15 @@ interface(`mta_mailserver_sender',` interface(`mta_mailserver_delivery',` gen_require(` attribute mailserver_delivery; + type mail_spool_t; ') typeattribute $1 mailserver_delivery; + allow $1 mail_spool_t:dir ra_dir_perms; + allow $1 mail_spool_t:file { create ioctl read getattr lock append }; + allow $1 mail_spool_t:lnk_file { create read getattr }; + optional_policy(`dovecot.te',` dovecot_manage_spool($1) ') @@ -301,11 +311,8 @@ interface(`mta_mailserver_user_agent',` # interface(`mta_send_mail',` gen_require(` + attribute mta_user_agent; type system_mail_t, sendmail_exec_t; - class lnk_file r_file_perms; - class process sigchld; - class fd use; - class fifo_file rw_file_perms; ') allow $1 sendmail_exec_t:lnk_file r_file_perms; @@ -316,11 +323,9 @@ interface(`mta_send_mail',` allow system_mail_t $1:fifo_file rw_file_perms; allow system_mail_t $1:process sigchld; - ifdef(`TODO',` allow mta_user_agent $1:fd use; allow mta_user_agent $1:process sigchld; allow mta_user_agent $1:fifo_file { read write }; - ') ') ####################################### diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te index 271ac250..634838c1 100644 --- a/refpolicy/policy/modules/services/mta.te +++ b/refpolicy/policy/modules/services/mta.te @@ -28,7 +28,7 @@ files_type(mail_spool_t) type sendmail_exec_t; files_type(sendmail_exec_t) -type system_mail_t; +type system_mail_t, user_mail_domain; domain_type(system_mail_t) domain_entry_file(system_mail_t,sendmail_exec_t) role system_r types system_mail_t; 
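Review bot: The new `allow $1 mail_spool_t:file { create ioctl read getattr lock append };` in `mta_mailserver_delivery` is a hand-picked set that omits `write` and `unlink`, so a delivery agent can only append to an existing mbox and never truncate, overwrite or remove it, but nothing in the hunk says that omission is deliberate. A one-line comment above the three spool rules would keep the next person from "normalizing" it to a `*_file_perms` macro, e.g. `# mbox delivery: append to spool files only; no write/truncate/unlink`. The same reasoning applies to `lnk_file { create read getattr }` and to `ra_dir_perms` on the spool directory, which by its name adds entries without permitting their removal.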
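Review bot: The `allow mta_user_agent $1:fd use;`, `allow mta_user_agent $1:process sigchld;` and `allow mta_user_agent $1:fifo_file { read write };` rules that leave the `ifdef(\`TODO'` wrapper in `mta_send_mail` expose every caller's inherited descriptors and pipes to the whole `mta_user_agent` attribute, not only to `system_mail_t`, and neither this hunk nor the gen_require change above it documents that. Each caller this commit adds (`initrc_t` in init.te, `pppd_t` in ppp.te) therefore hands its fds and fifos to whatever domains carry the attribute; callers pick this interface expecting a hand-off to the system sender. The interface's description block (outside the hunk) should say so, e.g. `## Domains in mta_user_agent may use the caller's file descriptors and read/write its pipes.` The membership of `mta_user_agent` is not visible here, so how much wider than `system_mail_t` that set is in practice needs confirming against the attribute's definition.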
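Review bot: `type system_mail_t, user_mail_domain;` attaches the system sender to the `user_mail_domain` attribute without a comment, so every rule elsewhere that is keyed on that attribute now also applies to `system_mail_t`, and the hunk gives no reason. The attribute's declaration and the rules it gates are outside this diff, so the effect cannot be sized from here; a short comment on the line recording the intent would let a reader judge it, e.g. `# system_mail_t takes the user_mail_domain rules so daemon-originated mail gets the same access as per-user mail domains — confirm this is the whole intent`. If only a subset of those rules was wanted, a targeted interface call would be the narrower choice.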
@@ -107,6 +107,16 @@ ifdef(`targeted_policy',` allow system_mail_t mqueue_spool_t:file create_file_perms; allow system_mail_t mqueue_spool_t:lnk_file create_lnk_perms; + # for reading .forward - maybe we need a new type for it? + # also for delivering mail to maildir + # cjp: fix this to generic_user interfaces + userdom_manage_user_home_subdirs(user,mailserver_delivery) + userdom_manage_user_home_subdir_files(user,mailserver_delivery) + userdom_manage_user_home_subdir_symlinks(user,mailserver_delivery) + userdom_manage_user_home_subdir_pipes(user,mailserver_delivery) + userdom_manage_user_home_subdir_sockets(user,mailserver_delivery) + userdom_create_user_home(user,mailserver_delivery,{ dir file lnk_file fifo_file sock_file }) + # cjp: another require-in-else to resolve # optional_policy(`postfix.te',`',` corecmd_exec_bin(system_mail_t) @@ -201,9 +211,6 @@ ifdef(`targeted_policy',` r_dir_file(sysadm_mail_t, user_home_type) ') -allow system_mail_t privmail:fd use; -allow system_mail_t privmail:process sigchld; -allow system_mail_t privmail:fifo_file { read write }; optional_policy(`qmail.te',` allow system_mail_t qmail_etc_t:dir search; diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if index 66fa2be9..1a6a4359 100644 --- a/refpolicy/policy/modules/services/postfix.if +++ b/refpolicy/policy/modules/services/postfix.if @@ -66,6 +66,7 @@ template(`postfix_domain_template',` files_read_etc_files(postfix_$1_t) files_read_etc_runtime_files(postfix_$1_t) + files_read_usr_symlinks(postfix_$1_t) files_search_spool(postfix_$1_t) files_getattr_tmp_dir(postfix_$1_t) 
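Review bot: The six new `userdom_*_user_home_*(user,mailserver_delivery)` calls hard-code the `user` prefix, so they reach only the `user` home types and, for that one prefix, duplicate the grant `mta_per_userdomain_template` in mta.if now makes for every prefix; `# cjp: fix this to generic_user interfaces` records the TODO but not why the block exists alongside the template. The hunk header's context suggests this may sit in or near the `targeted_policy` block, presumably where the per-user template is not instantiated, but the enclosing `ifdef` begins before the hunk and that should be confirmed. The comment should state who this block is for so nobody removes it as a duplicate or extends it to more prefixes by copy-paste, e.g. `# targeted policy has no per-user mail template, so grant the user prefix here directly`.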
@@ -174,6 +175,52 @@ interface(`postfix_read_config',` files_search_etc($1) ') +######################################## +## +## Execute postfix_map in the postfix_map domain. +## +## +## Domain allowed access. +## +# +interface(`postfix_domtrans_map',` + gen_require(` + type postfix_map_t, postfix_map_exec_t; + ') + + domain_auto_trans($1,postfix_map_exec_t,postfix_map_t) + + allow $1 postfix_map_t:fd use; + allow postfix_map_t $1:fd use; + allow postfix_map_t $1:fifo_file rw_file_perms; + allow postfix_map_t $1:process sigchld; +') + +######################################## +## +## Execute postfix_map in the postfix_map domain, and +## allow the specified role the postfix_map domain. +## +## +## Domain allowed access. +## +## +## The role to be allowed the postfix_map domain. +## +## +## The type of the terminal allow the postfix_map domain to use. +## +# +interface(`postfix_run_map',` + gen_require(` + type postfix_map_t; + ') + + postfix_domtrans_map($1) + role $2 types postfix_map_t; + allow postfix_map_t $3:chr_file rw_term_perms; +') + ######################################## ## ## Execute the master postfix program in the diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te index a25e13f9..8a2b38b6 100644 --- a/refpolicy/policy/modules/services/postfix.te +++ b/refpolicy/policy/modules/services/postfix.te @@ -480,6 +480,10 @@ allow postfix_showq_t postfix_postqueue_t:fd use; allow postfix_showq_t postfix_postqueue_t:fifo_file rw_file_perms; allow postfix_showq_t postfix_postqueue_t:process sigchld; +# to write the mailq output, it really should not need read access! +term_use_all_user_ptys(postfix_postqueue_t) +term_use_all_user_ttys(postfix_postqueue_t) + init_sigchld_script(postfix_postqueue_t) init_use_script_fd(postfix_postqueue_t) diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te index 5054eab2..5ba26353 100644 
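Review bot: In `postfix_run_map` the third parameter's description, `The type of the terminal allow the postfix_map domain to use.`, has its grammar garbled and should read `The type of the terminal the postfix_map domain is allowed to use.`, matching the rule `allow postfix_map_t $3:chr_file rw_term_perms;`. Otherwise the pair follows the usual domtrans/run shape: `postfix_domtrans_map` grants only the transition and the fd/fifo/sigchld back-channel, and `postfix_run_map` layers the role and a single terminal type on top, which is the scoping a caller wants.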
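Review bot: `term_use_all_user_ptys(postfix_postqueue_t)` and `term_use_all_user_ttys(postfix_postqueue_t)` let the queue-listing domain use every user's terminal, and the comment above them already concedes it "really should not need read access". The same commit shows the narrower pattern in `postfix_run_map`, where the run interface takes the terminal type and allows only that `chr_file`; a run interface for postqueue built the same way would scope this to the invoking user's terminal instead of all of them. If the blanket grant must stay for now, the comment should say why the per-terminal form was not used so it reads as a known gap rather than the intended end state, e.g. `# TODO: replace with a run interface that passes the caller's terminal type`.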
--- a/refpolicy/policy/modules/services/ppp.te +++ b/refpolicy/policy/modules/services/ppp.te @@ -198,6 +198,10 @@ optional_policy(`modutils.te',` ') ') +optional_policy(`mta.te',` + mta_send_mail(pppd_t) +') + optional_policy(`nis.te',` nis_use_ypbind(pppd_t) ') diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if index fd793e99..471fd284 100644 --- a/refpolicy/policy/modules/system/files.if +++ b/refpolicy/policy/modules/system/files.if @@ -1363,12 +1363,11 @@ interface(`files_create_boot_flag',` interface(`files_read_etc_runtime_files',` gen_require(` type etc_t, etc_runtime_t; - class dir r_dir_perms; - class file r_file_perms; ') allow $1 etc_t:dir r_dir_perms; allow $1 etc_runtime_t:file r_file_perms; + allow $1 etc_runtime_t:lnk_file { getattr read }; ') ######################################## diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te index 0f3715cf..faa6dfd3 100644 --- a/refpolicy/policy/modules/system/init.te +++ b/refpolicy/policy/modules/system/init.te @@ -537,6 +537,7 @@ optional_policy(`mailman.te',` ') optional_policy(`mta.te',` + mta_send_mail(initrc_t) mta_dontaudit_read_spool_symlink(initrc_t) ') diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te index 99fbe400..f3c237e7 100644 --- a/refpolicy/policy/modules/system/unconfined.te +++ b/refpolicy/policy/modules/system/unconfined.te @@ -35,6 +35,10 @@ ifdef(`targeted_policy',` userdom_unconfined(unconfined_t) + optional_policy(`postfix.te',` + postfix_domtrans_map(unconfined_t) + ') + optional_policy(`samba.te',` samba_domtrans_net(unconfined_t) ') diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index 57edcc19..7b70a14c 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if 
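Review bot: Adding `allow $1 etc_runtime_t:lnk_file { getattr read };` widens `files_read_etc_runtime_files`, an interface many domains already call, so every existing caller gains symlink read in one step; that is reasonable for a "read" interface, but the interface's description (outside the hunk) should now mention symlinks so callers know what they get, e.g. `## Read files and symbolic links in /etc that are dynamically created on boot.` A one-line comment on the new rule naming the case that needed it would also explain the change to the next reader, since the hunk gives none.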
@@ -1004,6 +1004,39 @@ template(`userdom_search_user_home',` allow $2 $1_home_dir_t:dir { getattr search }; ') +######################################## +## +## Create, read, write, and delete symbolic links +## in a user home subdirectory. +## +## +##

+## Create, read, write, and delete symbolic links +## in a user home subdirectory. +##

+##

+## This is a templated interface, and should only +## be called from a per-userdomain template. +##

+##
+## +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## +## +## The type of the process performing this action. +## +# +template(`userdom_manage_user_home_subdirs',` + gen_require(` + type $1_home_dir_t, $1_home_t; + ') + + files_search_home($2) + allow $2 $1_home_dir_t:dir rw_dir_perms; + allow $2 $1_home_t:dir manage_dir_perms; +') + ######################################## ## ## Read user home files.
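Review bot: The summary of the new `userdom_manage_user_home_subdirs` template says `Create, read, write, and delete symbolic links in a user home subdirectory.`, but the body grants `allow $2 $1_home_dir_t:dir rw_dir_perms;` and `allow $2 $1_home_t:dir manage_dir_perms;`, which is about directories, not symlinks; the text looks copied from the sibling `userdom_manage_user_home_subdir_symlinks`. It should read `Create, read, write, and delete directories in a user home subdirectory.` Note also that `rw_dir_perms` on `$1_home_dir_t` includes writing the home directory itself, i.e. adding and removing entries directly in it rather than only in subdirectories; if that is intended, the description should say so, since callers will read "subdirectory" as narrower than what is granted.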