From 96831fe421d3a5a84e31a13ba0fb08653932a89a Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 7 Jan 2010 09:56:21 -0500
Subject: [PATCH] Move rules from mta mailserver delivery from interface to .te to use the attribute.
---
 policy/modules/services/mta.if | 20 --------------------
 policy/modules/services/mta.te | 20 ++++++++++++++++++++
 2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index 0c73e520..44e782e0 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -310,26 +310,6 @@ interface(`mta_mailserver_delivery',`
 ')
 typeattribute $1 mailserver_delivery;
-
- allow $1 mail_spool_t:dir list_dir_perms;
- create_files_pattern($1, mail_spool_t, mail_spool_t)
- read_files_pattern($1, mail_spool_t, mail_spool_t)
- append_files_pattern($1, mail_spool_t, mail_spool_t)
- create_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
- read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
-
- optional_policy(`
- dovecot_manage_spool($1)
- dovecot_domtrans_deliver($1)
- ')
-
- optional_policy(`
- # so MTA can access /var/lib/mailman/mail/wrapper
- files_search_var_lib($1)
-
- mailman_domtrans($1)
- mailman_read_data_symlinks($1)
- ')
 ')
 #######################################
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
index da4022a3..797d86be 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -209,6 +209,13 @@ optional_policy(`
 # Mailserver delivery local policy
 #
+allow mailserver_delivery mail_spool_t:dir list_dir_perms;
+create_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+read_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+create_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+read_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+
 read_files_pattern(mailserver_delivery, mail_forward_t, mail_forward_t)
 read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)
@@ -225,6 +232,19 @@ tunable_policy(`use_nfs_home_dirs',`
 fs_manage_nfs_symlinks(mailserver_delivery)
 ')
+optional_policy(`
+ dovecot_manage_spool(mailserver_delivery)
+ dovecot_domtrans_deliver(mailserver_delivery)
+')
+
+optional_policy(`
+ # so MTA can access /var/lib/mailman/mail/wrapper
+ files_search_var_lib(mailserver_delivery)
+
+ mailman_domtrans(mailserver_delivery)
+ mailman_read_data_symlinks(mailserver_delivery)
+')
+
 ########################################
 #
 # User send mail local policy
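Review bot: The spool rules added in the first mta.te hunk (-209) are now granted to every type carrying the `mailserver_delivery` attribute, where before they went only to the `$1` passed to `mta_mailserver_delivery`. The two sets are the same only if that interface is the sole place the attribute is assigned; any direct `typeattribute ... mailserver_delivery` elsewhere in the policy, which this patch does not show, would newly gain create/append access to `mail_spool_t`. The same holds for the second hunk (-225), where `dovecot_domtrans_deliver(mailserver_delivery)` and `mailman_domtrans(mailserver_delivery)` hand domain transitions to the whole attribute. Listing the attribute's members on the built policy (e.g. `seinfo -amailserver_delivery -x`) before merging would confirm no domain gains access it did not have. A comment above the first `allow`, such as `# Applies to every domain with the mailserver_delivery attribute; assign it only via mta_mailserver_delivery().`, would record the intent.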