<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id="Content"> <a name="top"></a> <h1>Layer: services</h1><p/> <h2>Module: mta</h2><p/> <a href=#interfaces>Interfaces</a> <a href=#templates>Templates</a> <h3>Description:</h3> <p>Policy common to all email transfer agents.</p> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_mta_append_spool"></a> <div id="interface"> <div id="codeblock"> <b>mta_append_spool</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, and write the mail spool. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_delete_spool"></a> <div id="interface"> <div id="codeblock"> <b>mta_delete_spool</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete from the mail spool. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_dontaudit_getattr_spool_files"></a> <div id="interface"> <div id="codeblock"> <b>mta_dontaudit_getattr_spool_files</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> <p> Parameter descriptions are missing! </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_dontaudit_read_spool_symlinks"></a> <div id="interface"> <div id="codeblock"> <b>mta_dontaudit_read_spool_symlinks</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read a symlink in the mail spool. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_dontaudit_rw_delivery_tcp_sockets"></a> <div id="interface"> <div id="codeblock"> <b>mta_dontaudit_rw_delivery_tcp_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read and write TCP sockets of mail delivery domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Mail server domain. 
</p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_dontaudit_rw_queue"></a> <div id="interface"> <div id="codeblock"> <b>mta_dontaudit_rw_queue</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read and write the mail queue. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_etc_filetrans_aliases"></a> <div id="interface"> <div id="codeblock"> <b>mta_etc_filetrans_aliases</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Type transition files created in /etc to the mail address aliases type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_exec"></a> <div id="interface"> <div id="codeblock"> <b>mta_exec</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> <p> Parameter descriptions are missing! </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_getattr_spool"></a> <div id="interface"> <div id="codeblock"> <b>mta_getattr_spool</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> <p> Parameter descriptions are missing! 
</p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_mailserver"></a> <div id="interface"> <div id="codeblock"> <b>mta_mailserver</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> <p> Parameter descriptions are missing! </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_mailserver_delivery"></a> <div id="interface"> <div id="codeblock"> <b>mta_mailserver_delivery</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make a type a mailserver type used for delivering mail to local users. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Mail server domain type used for delivering mail. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_mailserver_sender"></a> <div id="interface"> <div id="codeblock"> <b>mta_mailserver_sender</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make a type a mailserver type used for sending mail. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Mail server domain type used for sending mail. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_mailserver_user_agent"></a> <div id="interface"> <div id="codeblock"> <b>mta_mailserver_user_agent</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make a type a mailserver type used for sending mail on behalf of local users to the local mail spool. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Mail server domain type used for sending local mail. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_manage_queue"></a> <div id="interface"> <div id="codeblock"> <b>mta_manage_queue</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> <p> Parameter descriptions are missing! </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_manage_spool"></a> <div id="interface"> <div id="codeblock"> <b>mta_manage_spool</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> <p> Parameter descriptions are missing! </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_read_aliases"></a> <div id="interface"> <div id="codeblock"> <b>mta_read_aliases</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read mail address aliases. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_read_config"></a> <div id="interface"> <div id="codeblock"> <b>mta_read_config</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read mail server configuration. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_read_sendmail_bin"></a> <div id="interface"> <div id="codeblock"> <b>mta_read_sendmail_bin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read sendmail binary. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_rw_aliases"></a> <div id="interface"> <div id="codeblock"> <b>mta_rw_aliases</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> <p> Parameter descriptions are missing! </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_rw_spool"></a> <div id="interface"> <div id="codeblock"> <b>mta_rw_spool</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> <p> Parameter descriptions are missing! </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_rw_user_mail_stream_sockets"></a> <div id="interface"> <div id="codeblock"> <b>mta_rw_user_mail_stream_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write unix domain stream sockets of user mail domains. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_send_mail"></a> <div id="interface"> <div id="codeblock"> <b>mta_send_mail</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> <p> Parameter descriptions are missing! </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_sendmail_mailserver"></a> <div id="interface"> <div id="codeblock"> <b>mta_sendmail_mailserver</b>( domain , entry_point )<br> </div> <div id="description"> <h5>Summary</h5> <p> Modified mailserver interface for sendmail daemon use. </p> <h5>Description</h5> <p> </p><p> A modified MTA mail server interface for the sendmail program. Its design does not fit well with policy, and using the regular interface causes a type_transition conflict if direct running of init scripts is enabled. </p><p> </p><p> This interface should most likely only be used by the sendmail policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> The type to be used for the mail server. </p> </td><td> No </td></tr> <tr><td> entry_point </td><td> <p> The type to be used for the domain entry point program. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_spool_filetrans"></a> <div id="interface"> <div id="codeblock"> <b>mta_spool_filetrans</b>( domain , private type , object )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create private objects in the mail spool directory. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> <tr><td> private type </td><td> <p> The type of the object to be created. </p> </td><td> No </td></tr> <tr><td> object </td><td> <p> The object class of the object being created. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_stub"></a> <div id="interface"> <div id="codeblock"> <b>mta_stub</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> MTA stub interface. No access allowed. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> N/A </p> </td><td> Yes </td></tr> </table> </div> </div> <a name="link_mta_tcp_connect_all_mailservers"></a> <div id="interface"> <div id="codeblock"> <b>mta_tcp_connect_all_mailservers</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to all mail servers over TCP. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Mail server domain. </p> </td><td> No </td></tr> </table> </div> </div> <a href=#top>Return</a> <a name="templates"></a> <h3>Templates: </h3> <a name="link_mta_admin_template"></a> <div id="template"> <div id="codeblock"> <b>mta_admin_template</b>( userdomain_prefix , user_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Provide extra permissions for admin users' mail domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). 
</p> </td><td> No </td></tr> <tr><td> user_domain </td><td> <p> The type of the user domain. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_base_mail_template"></a> <div id="template"> <div id="codeblock"> <b>mta_base_mail_template</b>( domain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> Basic mail transfer agent domain template. </p> <h5>Description</h5> <p> </p><p> This template creates a derived domain which is an email transfer agent, which sends mail on behalf of the user. </p><p> </p><p> These are the basic types and rules, common to the system agent and user agents. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain_prefix </td><td> <p> The prefix of the domain (e.g., user is the prefix for user_t). </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_mta_per_userdomain_template"></a> <div id="template"> <div id="codeblock"> <b>mta_per_userdomain_template</b>( userdomain_prefix , user_domain , user_role )<br> </div> <div id="description"> <h5>Summary</h5> <p> The per user domain template for the mta module. </p> <h5>Description</h5> <p> </p><p> This template creates a derived domain which is an email transfer agent, which sends mail on behalf of the user. </p><p> </p><p> This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). </p> </td><td> No </td></tr> <tr><td> user_domain </td><td> <p> The type of the user domain. </p> </td><td> No </td></tr> <tr><td> user_role </td><td> <p> The role associated with the user domain. 
</p> </td><td> No </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>