MTA patch from Dan Walsh.
parent
088b65e52b
commit
e19b8d1c2e
@ -356,6 +356,7 @@ interface(`mta_send_mail',`
|
||||
')
|
||||
|
||||
allow $1 mta_exec_type:lnk_file read_lnk_file_perms;
|
||||
corecmd_read_bin_symlinks($1)
|
||||
domtrans_pattern($1, mta_exec_type, system_mail_t)
|
||||
|
||||
allow mta_user_agent $1:fd use;
|
||||
@ -398,6 +399,25 @@ interface(`mta_sendmail_domtrans',`
|
||||
domain_auto_trans($1, sendmail_exec_t, $2)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send system mail client a signal
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
#
|
||||
interface(`mta_signal_system_mail',`
|
||||
gen_require(`
|
||||
type system_mail_t;
|
||||
')
|
||||
|
||||
allow $1 system_mail_t:process signal;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute sendmail in the caller domain.
|
||||
@ -763,6 +783,25 @@ interface(`mta_search_queue',`
|
||||
allow $1 mqueue_spool_t:dir search_dir_perms;
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## List the mail queue.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mta_list_queue',`
|
||||
gen_require(`
|
||||
type mqueue_spool_t;
|
||||
')
|
||||
|
||||
allow $1 mqueue_spool_t:dir list_dir_perms;
|
||||
files_search_spool($1)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Read the mail queue.
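Review bot: The header of the new `mta_signal_system_mail` interface does not say which signals it grants, and it ends with two bare `#` lines where `mta_list_queue` further down has one. The rule is `allow $1 system_mail_t:process signal;`, which in the SELinux process class covers generic signals only, not `sigkill`, `sigstop`, `sigchld` or `signull`, so the summary could read `## Send generic signals to the system mail client.` and the extra `#` can be dropped. Likewise `mta_list_queue` grants `list_dir_perms` on `mqueue_spool_t`, which lets the caller enumerate queue entries without reading them; a summary such as `## List the contents of the mail queue directory.` would make that explicit. No caller of either interface is visible in this diff, so which domains end up with these permissions cannot be reviewed from here.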
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(mta, 2.2.1)
|
||||
policy_module(mta, 2.2.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -71,10 +71,14 @@ dev_read_sysfs(system_mail_t)
|
||||
dev_read_rand(system_mail_t)
|
||||
dev_read_urand(system_mail_t)
|
||||
|
||||
files_read_usr_files(system_mail_t)
|
||||
|
||||
fs_rw_anon_inodefs_files(system_mail_t)
|
||||
|
||||
selinux_getattr_fs(system_mail_t)
|
||||
|
||||
term_dontaudit_use_unallocated_ttys(system_mail_t)
|
||||
|
||||
init_use_script_ptys(system_mail_t)
|
||||
|
||||
userdom_use_user_terminals(system_mail_t)
|
||||
@ -107,6 +111,7 @@ optional_policy(`
|
||||
optional_policy(`
|
||||
cron_read_system_job_tmp_files(system_mail_t)
|
||||
cron_dontaudit_write_pipes(system_mail_t)
|
||||
cron_rw_system_job_stream_sockets(system_mail_t)
|
||||
')
|
||||
|
||||
optional_policy(`
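Review bot: The rules added to `system_mail_t` in the `@ -71,10 +71,14 @@` hunk carry no comment saying why the mail client needs them. The +/- markers are lost on this page, so which of `files_read_usr_files`, `fs_rw_anon_inodefs_files` and `selinux_getattr_fs` are new is only inferred from the hunk header (four lines added); of the three, `fs_rw_anon_inodefs_files(system_mail_t)` is the widest grant because it is read/write. A one-line comment above each new rule, for example `# <reason: AVC denial this rule resolves>`, would let a later reviewer judge whether the access is still required. The same applies to the cron rule added in the `@ -107,6 +111,7 @@` hunk, particularly if the new line is `cron_dontaudit_write_pipes(system_mail_t)`, since a dontaudit rule suppresses the AVC record that would otherwise show the attempt.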
|
||||
|