trunk: Patch to handle postfix data_directory from Vaclav Ovsik.

This commit is contained in:
Chris PeBenito 2008-06-24 13:21:35 +00:00
parent 7f4005e348
commit 8c6292b7a4
3 changed files with 12 additions and 1 deletions

View File

@ -1,3 +1,4 @@
- Patch to handle postfix data_directory from Vaclav Ovsik.
- SE-Postgresql policy from KaiGai Kohei. - SE-Postgresql policy from KaiGai Kohei.
- Patch for X.org dbus support from Martin Orr. - Patch for X.org dbus support from Martin Orr.
- Patch for labeled networking controls in 2.6.25 from Paul Moore. - Patch for labeled networking controls in 2.6.25 from Paul Moore.

View File

@ -43,6 +43,9 @@ ifdef(`distro_redhat', `
/usr/sbin/postmap -- gen_context(system_u:object_r:postfix_map_exec_t,s0) /usr/sbin/postmap -- gen_context(system_u:object_r:postfix_map_exec_t,s0)
/usr/sbin/postqueue -- gen_context(system_u:object_r:postfix_postqueue_exec_t,s0) /usr/sbin/postqueue -- gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
/usr/sbin/postsuper -- gen_context(system_u:object_r:postfix_master_exec_t,s0) /usr/sbin/postsuper -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/var/lib/postfix(/.*)? gen_context(system_u:object_r:postfix_data_t,s0)
/var/spool/postfix(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0) /var/spool/postfix(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0)
/var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0) /var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
/var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0) /var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0)

View File

@ -1,5 +1,5 @@
policy_module(postfix,1.8.0) policy_module(postfix, 1.8.1)
######################################## ########################################
# #
@ -83,6 +83,10 @@ files_type(postfix_public_t)
type postfix_var_run_t; type postfix_var_run_t;
files_pid_file(postfix_var_run_t) files_pid_file(postfix_var_run_t)
# the data_directory config parameter
type postfix_data_t;
files_type(postfix_data_t)
postfix_server_domain_template(virtual) postfix_server_domain_template(virtual)
mta_mailserver_delivery(postfix_virtual_t) mta_mailserver_delivery(postfix_virtual_t)
@ -104,6 +108,9 @@ allow postfix_master_t postfix_etc_t:file rw_file_perms;
can_exec(postfix_master_t,postfix_exec_t) can_exec(postfix_master_t,postfix_exec_t)
allow postfix_master_t postfix_data_t:dir manage_dir_perms;
allow postfix_master_t postfix_data_t:file manage_file_perms;
allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock }; allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock };
allow postfix_master_t postfix_postdrop_exec_t:file getattr; allow postfix_master_t postfix_postdrop_exec_t:file getattr;