# Macros for MTA domains. # # # Author: Russell Coker # Based on the work of: Stephen Smalley # Timothy Fraser # # # mail_domain(domain_prefix) # # Define a derived domain for the sendmail program when executed by # a user domain to send outgoing mail. These domains are separate and # independent of the domain used for the sendmail daemon process. # # The type declaration for the executable type for this program is # provided separately in domains/program/mta.te. # undefine(`mail_domain') define(`mail_domain',` # Derived domain based on the calling user domain and the program. type $1_mail_t, domain, privlog, user_mail_domain, nscd_client_domain; ifdef(`sendmail.te', ` sendmail_user_domain($1) ') can_exec($1_mail_t, sendmail_exec_t) allow $1_mail_t sendmail_exec_t:lnk_file { getattr read }; # The user role is authorized for this domain. role $1_r types $1_mail_t; uses_shlib($1_mail_t) can_network_client_tcp($1_mail_t) allow $1_mail_t { smtp_port_t port_type }:tcp_socket name_connect; can_resolve($1_mail_t) can_ypbind($1_mail_t) allow $1_mail_t self:unix_dgram_socket create_socket_perms; allow $1_mail_t self:unix_stream_socket create_socket_perms; read_locale($1_mail_t) read_sysctl($1_mail_t) allow $1_mail_t device_t:dir search; allow $1_mail_t { var_t var_spool_t }:dir search; allow $1_mail_t self:process { fork signal_perms setrlimit }; allow $1_mail_t sbin_t:dir search; # It wants to check for nscd dontaudit $1_mail_t var_run_t:dir search; # Use capabilities allow $1_mail_t self:capability { setuid setgid chown }; # Execute procmail. can_exec($1_mail_t, bin_t) ifdef(`procmail.te',` can_exec($1_mail_t, procmail_exec_t)') ifelse(`$1', `system', ` # Transition from a system domain to the derived domain. domain_auto_trans(privmail, sendmail_exec_t, system_mail_t) allow privmail sendmail_exec_t:lnk_file { getattr read }; ifdef(`crond.te', ` # Read cron temporary files. allow system_mail_t system_crond_tmp_t:file { read getattr ioctl }; allow mta_user_agent system_crond_tmp_t:file { read getattr }; ') can_access_pty(system_mail_t, initrc) ', ` # For when the user wants to send mail via port 25 localhost can_tcp_connect($1_t, mail_server_domain) # Transition from the user domain to the derived domain. domain_auto_trans($1_t, sendmail_exec_t, $1_mail_t) allow $1_t sendmail_exec_t:lnk_file { getattr read }; # Read user temporary files. allow $1_mail_t $1_tmp_t:file r_file_perms; dontaudit $1_mail_t $1_tmp_t:file append; ifdef(`postfix.te', ` # postfix seems to need write access if the file handle is opened read/write allow $1_mail_t $1_tmp_t:file write; ')dnl end if postfix allow mta_user_agent $1_tmp_t:file { read getattr }; # Write to the user domain tty. access_terminal(mta_user_agent, $1) access_terminal($1_mail_t, $1) # Inherit and use descriptors from gnome-pty-helper. ifdef(`gnome-pty-helper.te', `allow $1_mail_t $1_gph_t:fd use;') allow $1_mail_t privfd:fd use; # Create dead.letter in user home directories. file_type_auto_trans($1_mail_t, $1_home_dir_t, $1_home_t, file) if (use_samba_home_dirs) { rw_dir_create_file($1_mail_t, cifs_t) } # if you do not want to allow dead.letter then use the following instead #allow $1_mail_t { $1_home_dir_t $1_home_t }:dir r_dir_perms; #allow $1_mail_t $1_home_t:file r_file_perms; # for reading .forward - maybe we need a new type for it? # also for delivering mail to maildir file_type_auto_trans(mta_delivery_agent, $1_home_dir_t, $1_home_t) ')dnl end if system allow $1_mail_t etc_t:file { getattr read }; ifdef(`qmail.te', ` allow $1_mail_t qmail_etc_t:dir search; allow $1_mail_t qmail_etc_t:{ file lnk_file } read; ')dnl end if qmail ')