1900668638
The latest revision of the labeled policy patches which enable both labeled and unlabeled policy support for NetLabel. This revision takes into account Chris' feedback from the first version and reduces the number of interface calls in each domain down to two at present: one for unlabeled access, one for NetLabel access. The older, transport layer specific interfaces, are still present for use by third-party modules but are not used in the default policy modules. trunk: Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. This patch changes the policy to use the netmsg initial SID as the "base" SID/context for NetLabel packets which only have MLS security attributes. Currently we use the unlabeled initial SID which makes it very difficult to distinquish between actual unlabeled packets and those packets which have MLS security attributes.
907 lines
20 KiB
Plaintext
907 lines
20 KiB
Plaintext
## <summary>Policy common to all email tranfer agents.</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## MTA stub interface. No access allowed.
|
|
## </summary>
|
|
## <param name="domain" optional="true">
|
|
## <summary>
|
|
## N/A
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_stub',`
|
|
gen_require(`
|
|
type sendmail_exec_t;
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Basic mail transfer agent domain template.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## This template creates a derived domain which is
|
|
## a email transfer agent, which sends mail on
|
|
## behalf of the user.
|
|
## </p>
|
|
## <p>
|
|
## This is the basic types and rules, common
|
|
## to the system agent and user agents.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="domain_prefix">
|
|
## <summary>
|
|
## The prefix of the domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`mta_base_mail_template',`
|
|
|
|
gen_require(`
|
|
attribute user_mail_domain;
|
|
type sendmail_exec_t;
|
|
')
|
|
|
|
##############################
|
|
#
|
|
# $1_mail_t declarations
|
|
#
|
|
|
|
type $1_mail_t, user_mail_domain;
|
|
domain_type($1_mail_t)
|
|
domain_entry_file($1_mail_t,sendmail_exec_t)
|
|
|
|
type $1_mail_tmp_t;
|
|
files_tmp_file($1_mail_tmp_t)
|
|
|
|
##############################
|
|
#
|
|
# $1_mail_t local policy
|
|
#
|
|
|
|
allow $1_mail_t self:capability { setuid setgid chown };
|
|
allow $1_mail_t self:process { signal_perms setrlimit };
|
|
allow $1_mail_t self:tcp_socket create_socket_perms;
|
|
|
|
# re-exec itself
|
|
can_exec($1_mail_t, sendmail_exec_t)
|
|
allow $1_mail_t sendmail_exec_t:lnk_file read_lnk_file_perms;
|
|
|
|
kernel_read_kernel_sysctls($1_mail_t)
|
|
|
|
corenet_all_recvfrom_unlabeled($1_mail_t)
|
|
corenet_all_recvfrom_netlabel($1_mail_t)
|
|
corenet_tcp_sendrecv_all_if($1_mail_t)
|
|
corenet_tcp_sendrecv_all_nodes($1_mail_t)
|
|
corenet_tcp_sendrecv_all_ports($1_mail_t)
|
|
corenet_tcp_connect_all_ports($1_mail_t)
|
|
corenet_tcp_connect_smtp_port($1_mail_t)
|
|
corenet_sendrecv_smtp_client_packets($1_mail_t)
|
|
|
|
corecmd_exec_bin($1_mail_t)
|
|
|
|
files_read_etc_files($1_mail_t)
|
|
files_search_spool($1_mail_t)
|
|
# It wants to check for nscd
|
|
files_dontaudit_search_pids($1_mail_t)
|
|
|
|
libs_use_ld_so($1_mail_t)
|
|
libs_use_shared_libs($1_mail_t)
|
|
|
|
logging_send_syslog_msg($1_mail_t)
|
|
|
|
miscfiles_read_localization($1_mail_t)
|
|
|
|
sysnet_read_config($1_mail_t)
|
|
sysnet_dns_name_resolve($1_mail_t)
|
|
|
|
optional_policy(`
|
|
nis_use_ypbind($1_mail_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
nscd_socket_use($1_mail_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
postfix_domtrans_user_mail_handler($1_mail_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
procmail_exec($1_mail_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
qmail_domtrans_inject($1_mail_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
gen_require(`
|
|
type etc_mail_t, mail_spool_t, mqueue_spool_t;
|
|
')
|
|
|
|
manage_dirs_pattern($1_mail_t,$1_mail_tmp_t,$1_mail_tmp_t)
|
|
manage_files_pattern($1_mail_t,$1_mail_tmp_t,$1_mail_tmp_t)
|
|
files_tmp_filetrans($1_mail_t, $1_mail_tmp_t, { file dir })
|
|
|
|
allow $1_mail_t etc_mail_t:dir { getattr search };
|
|
|
|
# Write to /var/spool/mail and /var/spool/mqueue.
|
|
manage_files_pattern($1_mail_t,mail_spool_t,mail_spool_t)
|
|
manage_files_pattern($1_mail_t,mqueue_spool_t,mqueue_spool_t)
|
|
|
|
# Check available space.
|
|
fs_getattr_xattr_fs($1_mail_t)
|
|
|
|
files_read_etc_runtime_files($1_mail_t)
|
|
|
|
# Write to /var/log/sendmail.st
|
|
sendmail_manage_log($1_mail_t)
|
|
sendmail_create_log($1_mail_t)
|
|
')
|
|
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The per role template for the mta module.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## This template creates a derived domain which is
|
|
## a email transfer agent, which sends mail on
|
|
## behalf of the user.
|
|
## </p>
|
|
## <p>
|
|
## This template is invoked automatically for each user, and
|
|
## generally does not need to be invoked directly
|
|
## by policy writers.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="user_domain">
|
|
## <summary>
|
|
## The type of the user domain.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="user_role">
|
|
## <summary>
|
|
## The role associated with the user domain.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`mta_per_role_template',`
|
|
gen_require(`
|
|
attribute mta_user_agent;
|
|
attribute mailserver_delivery;
|
|
')
|
|
|
|
##############################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
mta_base_mail_template($1)
|
|
role $3 types $1_mail_t;
|
|
|
|
##############################
|
|
#
|
|
# $1_mail_t local policy
|
|
#
|
|
|
|
# Transition from the user domain to the derived domain.
|
|
domtrans_pattern($2, sendmail_exec_t, $1_mail_t)
|
|
allow $2 sendmail_exec_t:lnk_file { getattr read };
|
|
|
|
domain_use_interactive_fds($1_mail_t)
|
|
|
|
userdom_use_user_terminals($1,$1_mail_t)
|
|
# Write to the user domain tty. cjp: why?
|
|
userdom_use_user_terminals($1,mta_user_agent)
|
|
# Create dead.letter in user home directories.
|
|
userdom_manage_user_home_content_files($1,$1_mail_t)
|
|
userdom_user_home_dir_filetrans_user_home_content($1,$1_mail_t,file)
|
|
# for reading .forward - maybe we need a new type for it?
|
|
# also for delivering mail to maildir
|
|
userdom_manage_user_home_content_dirs($1,mailserver_delivery)
|
|
userdom_manage_user_home_content_files($1,mailserver_delivery)
|
|
userdom_manage_user_home_content_symlinks($1,mailserver_delivery)
|
|
userdom_manage_user_home_content_pipes($1,mailserver_delivery)
|
|
userdom_manage_user_home_content_sockets($1,mailserver_delivery)
|
|
userdom_user_home_dir_filetrans_user_home_content($1,mailserver_delivery,{ dir file lnk_file fifo_file sock_file })
|
|
# Read user temporary files.
|
|
userdom_read_user_tmp_files($1,$1_mail_t)
|
|
userdom_dontaudit_append_user_tmp_files($1,$1_mail_t)
|
|
# cjp: this should probably be read all user tmp
|
|
# files in an appropriate place for mta_user_agent
|
|
userdom_read_user_tmp_files($1,mta_user_agent)
|
|
|
|
tunable_policy(`use_samba_home_dirs',`
|
|
fs_manage_cifs_files($1_mail_t)
|
|
fs_manage_cifs_symlinks($1_mail_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
allow $1_mail_t self:capability dac_override;
|
|
|
|
# Read user temporary files.
|
|
# postfix seems to need write access if the file handle is opened read/write
|
|
userdom_rw_user_tmp_files($1,$1_mail_t)
|
|
|
|
postfix_read_config($1_mail_t)
|
|
postfix_list_spool($1_mail_t)
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Provide extra permissions for admin users
|
|
## mail domain.
|
|
## </summary>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
## <param name="user_domain">
|
|
## <summary>
|
|
## The type of the user domain.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
template(`mta_admin_template',`
|
|
gen_require(`
|
|
type $1_mail_t;
|
|
')
|
|
|
|
ifdef(`strict_policy',`
|
|
# allow the sysadmin to do "mail someone < /home/user/whatever"
|
|
userdom_read_unpriv_users_home_content_files($1_mail_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
gen_require(`
|
|
attribute mta_user_agent;
|
|
type etc_aliases_t;
|
|
')
|
|
|
|
allow mta_user_agent $2:fifo_file { read write };
|
|
|
|
manage_dirs_pattern($1_mail_t,etc_aliases_t,etc_aliases_t)
|
|
manage_files_pattern($1_mail_t,etc_aliases_t,etc_aliases_t)
|
|
manage_lnk_files_pattern($1_mail_t,etc_aliases_t,etc_aliases_t)
|
|
manage_fifo_files_pattern($1_mail_t,etc_aliases_t,etc_aliases_t)
|
|
manage_sock_files_pattern($1_mail_t,etc_aliases_t,etc_aliases_t)
|
|
files_etc_filetrans($1_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
|
|
|
|
# postfix needs this for newaliases
|
|
files_getattr_tmp_dirs($1_mail_t)
|
|
|
|
postfix_exec_master($1_mail_t)
|
|
|
|
ifdef(`distro_redhat',`
|
|
# compatability for old default main.cf
|
|
postfix_config_filetrans($1_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
|
|
')
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Make the specified domain usable for a mail server.
|
|
## </summary>
|
|
## <param name="type">
|
|
## <summary>
|
|
## Type to be used as a mail server domain.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_mailserver',`
|
|
gen_require(`
|
|
attribute mailserver_domain;
|
|
')
|
|
|
|
init_daemon_domain($1,$2)
|
|
typeattribute $1 mailserver_domain;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Modified mailserver interface for
|
|
## sendmail daemon use.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## A modified MTA mail server interface for
|
|
## the sendmail program. It's design does
|
|
## not fit well with policy, and using the
|
|
## regular interface causes a type_transition
|
|
## conflict if direct running of init scripts
|
|
## is enabled.
|
|
## </p>
|
|
## <p>
|
|
## This interface should most likely only be used
|
|
## by the sendmail policy.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## The type to be used for the mail server.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="entry_point">
|
|
## <summary>
|
|
## The type to be used for the domain entry point program.
|
|
## </summary>
|
|
## </param>
|
|
interface(`mta_sendmail_mailserver',`
|
|
gen_require(`
|
|
attribute mailserver_domain;
|
|
type sendmail_exec_t;
|
|
')
|
|
|
|
init_system_domain($1,sendmail_exec_t)
|
|
typeattribute $1 mailserver_domain;
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Make a type a mailserver type used
|
|
## for sending mail.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Mail server domain type used for sending mail.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_mailserver_sender',`
|
|
gen_require(`
|
|
attribute mailserver_sender;
|
|
')
|
|
|
|
typeattribute $1 mailserver_sender;
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Make a type a mailserver type used
|
|
## for delivering mail to local users.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Mail server domain type used for delivering mail.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_mailserver_delivery',`
|
|
gen_require(`
|
|
attribute mailserver_delivery;
|
|
type mail_spool_t;
|
|
')
|
|
|
|
typeattribute $1 mailserver_delivery;
|
|
|
|
allow $1 mail_spool_t:dir list_dir_perms;
|
|
create_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
read_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
create_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
read_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
|
|
optional_policy(`
|
|
dovecot_manage_spool($1)
|
|
')
|
|
|
|
optional_policy(`
|
|
# so MTA can access /var/lib/mailman/mail/wrapper
|
|
files_search_var_lib($1)
|
|
|
|
mailman_domtrans($1)
|
|
mailman_read_data_symlinks($1)
|
|
')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Make a type a mailserver type used
|
|
## for sending mail on behalf of local
|
|
## users to the local mail spool.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Mail server domain type used for sending local mail.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_mailserver_user_agent',`
|
|
gen_require(`
|
|
attribute mta_user_agent;
|
|
')
|
|
|
|
typeattribute $1 mta_user_agent;
|
|
|
|
optional_policy(`
|
|
# apache should set close-on-exec
|
|
apache_dontaudit_rw_stream_sockets($1)
|
|
apache_dontaudit_rw_sys_script_stream_sockets($1)
|
|
')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send mail from the system.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_send_mail',`
|
|
gen_require(`
|
|
attribute mta_user_agent;
|
|
type system_mail_t, sendmail_exec_t;
|
|
')
|
|
|
|
allow $1 sendmail_exec_t:lnk_file read_lnk_file_perms;
|
|
domain_auto_trans($1, sendmail_exec_t, system_mail_t)
|
|
|
|
allow $1 system_mail_t:fd use;
|
|
allow system_mail_t $1:fd use;
|
|
allow system_mail_t $1:fifo_file rw_file_perms;
|
|
allow system_mail_t $1:process sigchld;
|
|
|
|
allow mta_user_agent $1:fd use;
|
|
allow mta_user_agent $1:process sigchld;
|
|
allow mta_user_agent $1:fifo_file { read write };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute send mail in a specified domain.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## Execute send mail in a specified domain.
|
|
## </p>
|
|
## <p>
|
|
## No interprocess communication (signals, pipes,
|
|
## etc.) is provided by this interface since
|
|
## the domains are not owned by this module.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="source_domain">
|
|
## <summary>
|
|
## Domain to transition from.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="target_domain">
|
|
## <summary>
|
|
## Domain to transition to.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_sendmail_domtrans',`
|
|
gen_require(`
|
|
type sendmail_exec_t;
|
|
')
|
|
|
|
files_search_usr($1)
|
|
corecmd_read_bin_symlinks($1)
|
|
domain_auto_trans($1,sendmail_exec_t,$2)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute sendmail in the caller domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_sendmail_exec',`
|
|
gen_require(`
|
|
type sendmail_exec_t;
|
|
')
|
|
|
|
can_exec($1, sendmail_exec_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read mail server configuration.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`mta_read_config',`
|
|
gen_require(`
|
|
type etc_mail_t;
|
|
')
|
|
|
|
files_search_etc($1)
|
|
allow $1 etc_mail_t:dir list_dir_perms;
|
|
read_files_pattern($1,etc_mail_t,etc_mail_t)
|
|
read_lnk_files_pattern($1,etc_mail_t,etc_mail_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read mail address aliases.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_read_aliases',`
|
|
gen_require(`
|
|
type etc_aliases_t;
|
|
')
|
|
|
|
files_search_etc($1)
|
|
allow $1 etc_aliases_t:file read_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Type transition files created in /etc
|
|
## to the mail address aliases type.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_etc_filetrans_aliases',`
|
|
gen_require(`
|
|
type etc_aliases_t;
|
|
')
|
|
|
|
files_etc_filetrans($1,etc_aliases_t, file)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write mail aliases.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`mta_rw_aliases',`
|
|
gen_require(`
|
|
type etc_aliases_t;
|
|
')
|
|
|
|
files_search_etc($1)
|
|
allow $1 etc_aliases_t:file { rw_file_perms setattr };
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Do not audit attempts to read and write TCP
|
|
## sockets of mail delivery domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Mail server domain.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_dontaudit_rw_delivery_tcp_sockets',`
|
|
gen_require(`
|
|
attribute mailserver_delivery;
|
|
')
|
|
|
|
dontaudit $1 mailserver_delivery:tcp_socket { read write };
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Connect to all mail servers over TCP. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Mail server domain.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_tcp_connect_all_mailservers',`
|
|
refpolicywarn(`$0($*) has been deprecated.')
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Do not audit attempts to read a symlink
|
|
## in the mail spool.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_dontaudit_read_spool_symlinks',`
|
|
gen_require(`
|
|
type mail_spool_t;
|
|
')
|
|
|
|
dontaudit $1 mail_spool_t:lnk_file read;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of mail spool files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_getattr_spool',`
|
|
gen_require(`
|
|
type mail_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
allow $1 mail_spool_t:dir list_dir_perms;
|
|
allow $1 mail_spool_t:lnk_file read;
|
|
allow $1 mail_spool_t:file getattr;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get the attributes
|
|
## of mail spool files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_dontaudit_getattr_spool_files',`
|
|
gen_require(`
|
|
type mail_spool_t;
|
|
')
|
|
|
|
files_dontaudit_search_spool($1)
|
|
dontaudit $1 mail_spool_t:dir search;
|
|
dontaudit $1 mail_spool_t:lnk_file read;
|
|
dontaudit $1 mail_spool_t:file getattr;
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Create private objects in the
|
|
## mail spool directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="private type">
|
|
## <summary>
|
|
## The type of the object to be created.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="object">
|
|
## <summary>
|
|
## The object class of the object being created.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_spool_filetrans',`
|
|
gen_require(`
|
|
type mail_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
filetrans_pattern($1,mail_spool_t,$2,$3)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write the mail spool.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_rw_spool',`
|
|
gen_require(`
|
|
type mail_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
allow $1 mail_spool_t:dir list_dir_perms;
|
|
allow $1 mail_spool_t:file setattr;
|
|
rw_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
read_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Create, read, and write the mail spool.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_append_spool',`
|
|
gen_require(`
|
|
type mail_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
allow $1 mail_spool_t:dir list_dir_perms;
|
|
create_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
write_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
read_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Delete from the mail spool.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_delete_spool',`
|
|
gen_require(`
|
|
type mail_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
delete_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete mail spool files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_manage_spool',`
|
|
gen_require(`
|
|
type mail_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
manage_dirs_pattern($1,mail_spool_t,mail_spool_t)
|
|
manage_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
manage_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search mail queue dirs.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_search_queue',`
|
|
gen_require(`
|
|
type mqueue_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
allow $1 mqueue_spool_t:dir search_dir_perms;
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Do not audit attempts to read and
|
|
## write the mail queue.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_dontaudit_rw_queue',`
|
|
gen_require(`
|
|
type mqueue_spool_t;
|
|
')
|
|
|
|
dontaudit $1 mqueue_spool_t:dir search_dir_perms;
|
|
dontaudit $1 mqueue_spool_t:file { getattr read write };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete
|
|
## mail queue files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_manage_queue',`
|
|
gen_require(`
|
|
type mqueue_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
manage_files_pattern($1,mqueue_spool_t,mqueue_spool_t)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Read sendmail binary.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
# cjp: added for postfix
|
|
interface(`mta_read_sendmail_bin',`
|
|
gen_require(`
|
|
type sendmail_exec_t;
|
|
')
|
|
|
|
allow $1 sendmail_exec_t:file read_file_perms;
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Read and write unix domain stream sockets
|
|
## of user mail domains.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`mta_rw_user_mail_stream_sockets',`
|
|
gen_require(`
|
|
attribute user_mail_domain;
|
|
')
|
|
|
|
allow $1 user_mail_domain:unix_stream_socket rw_socket_perms;
|
|
')
|