rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

clean up

Browse Source
This commit is contained in:
Chris PeBenito 2005-12-05 20:18:20 +00:00
parent 1470ffb03f
commit fc0e8ce91a
4 changed files with 53 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
refpolicy/policy/modules/services/mta.if
View File

@ -103,6 +103,10 @@ template(`mta_base_mail_template',`
nscd_use_socket($1_mail_t) nscd_use_socket($1_mail_t)
') ')
optional_policy(`postfix',`
postfix_domtrans_user_mail_handler($1_mail_t)
')
optional_policy(`procmail',` optional_policy(`procmail',`
procmail_exec($1_mail_t) procmail_exec($1_mail_t)
') ')

2
refpolicy/policy/modules/services/mta.te
View File

@ -1,5 +1,5 @@
policy_module(mta,1.0.2) policy_module(mta,1.0.3)
######################################## ########################################
# #

52
refpolicy/policy/modules/services/postfix.if
View File

@ -132,22 +132,37 @@ template(`postfix_server_domain_template',`
') ')
template(`postfix_user_domain_template',` template(`postfix_user_domain_template',`
gen_require(`
attribute postfix_user_domains, postfix_user_domtrans;
')
postfix_domain_template($1) postfix_domain_template($1)
typeattribute postfix_$1_t postfix_user_domains;
allow postfix_$1_t self:capability dac_override; allow postfix_$1_t self:capability dac_override;
domain_auto_trans(user_mail_domain, postfix_$1_exec_t, postfix_$1_t) domain_auto_trans(postfix_user_domtrans, postfix_$1_exec_t, postfix_$1_t)
allow user_mail_domain postfix_$1_t:fd use; allow postfix_user_domtrans postfix_$1_t:fd use;
allow postfix_$1_t user_mail_domain:fd use; allow postfix_$1_t postfix_user_domtrans:fd use;
allow postfix_$1_t user_mail_domain:fifo_file rw_file_perms; allow postfix_$1_t postfix_user_domtrans:fifo_file rw_file_perms;
allow postfix_$1_t user_mail_domain:process sigchld; allow postfix_$1_t postfix_user_domtrans:process sigchld;
# this is replaced by run interfaces domain_use_wide_inherit_fd(postfix_$1_t)
role sysadm_r types postfix_$1_t; ')
allow postfix_$1_t userdomain:process sigchld;
allow postfix_$1_t userdomain:fifo_file { write getattr };
allow postfix_$1_t { userdomain privfd }:fd use;
template(`postfix_per_userdomain_template',`
gen_require(`
attribute postfix_user_domains;
')
# cjp: perhaps this should actually be $3
# instead of just sysadm_r?
#role sysadm_r types postfix_user_domains;
allow postfix_user_domains $2:process sigchld;
allow postfix_user_domains $2:fifo_file { write getattr };
allow postfix_user_domains $2:fd use;
') ')
template(`postfix_public_domain_template',` template(`postfix_public_domain_template',`
@ -360,3 +375,20 @@ interface(`postfix_list_spool',`
allow $1 postfix_spool_t:dir list_dir_perms; allow $1 postfix_spool_t:dir list_dir_perms;
files_search_spool($1) files_search_spool($1)
') ')
########################################
## <summary>
## Execute postfix user mail programs
## in their respective domains.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`postfix_domtrans_user_mail_handler',`
gen_require(`
attribute postfix_user_domtrans;
')
typeattribute $1 postfix_user_domtrans;
')

7
refpolicy/policy/modules/services/postfix.te
View File

@ -1,11 +1,16 @@
policy_module(postfix,1.0.2) policy_module(postfix,1.0.3)
######################################## ########################################
# #
# Declarations # Declarations
# #
attribute postfix_user_domains;
# domains that transition to the
# postfix user domains
attribute postfix_user_domtrans;
postfix_public_domain_template(bounce) postfix_public_domain_template(bounce)
type postfix_spool_bounce_t; type postfix_spool_bounce_t;