129 lines
3.4 KiB
Plaintext
129 lines
3.4 KiB
Plaintext
#
|
|
# Macros for spamassassin domains.
|
|
#
|
|
# Author: Colin Walters <walters@verbum.org>
|
|
|
|
# spamassassin_domain(domain_prefix)
|
|
#
|
|
# Define derived domains for various spamassassin tools when executed
|
|
# by a user domain.
|
|
#
|
|
# The type declarations for the executable types of these programs are
|
|
# provided separately in domains/program/spamassassin.te and
|
|
# domains/program/spamc.te.
|
|
#
|
|
undefine(`spamassassin_domain')
|
|
ifdef(`spamassassin.te', `define(`using_spamassassin', `')')
|
|
ifdef(`spamd.te', `define(`using_spamassassin', `')')
|
|
ifdef(`spamc.te', `define(`using_spamassassin', `')')
|
|
|
|
ifdef(`using_spamassassin',`
|
|
|
|
#######
|
|
# Macros used internally in these spamassassin macros.
|
|
#
|
|
|
|
###
|
|
# Define a domain for a spamassassin-like program (spamc/spamassassin).
|
|
#
|
|
# Note: most of this should really be in a generic macro like
|
|
# base_user_program($1, foo)
|
|
define(`spamassassin_program_domain',`
|
|
type $1_$2_t, domain, privlog $3;
|
|
domain_auto_trans($1_t, $2_exec_t, $1_$2_t)
|
|
|
|
role $1_r types $1_$2_t;
|
|
general_domain_access($1_$2_t)
|
|
|
|
base_file_read_access($1_$2_t)
|
|
r_dir_file($1_$2_t, etc_t)
|
|
ifdef(`sendmail.te', `
|
|
r_dir_file($1_$2_t, etc_mail_t)
|
|
')
|
|
allow $1_$2_t etc_runtime_t:file r_file_perms;
|
|
uses_shlib($1_$2_t)
|
|
read_locale($1_$2_t)
|
|
dontaudit $1_$2_t var_t:dir search;
|
|
tmp_domain($1_$2)
|
|
allow $1_$2_t privfd:fd use;
|
|
allow $1_$2_t userpty_type:chr_file rw_file_perms;
|
|
') dnl end spamassassin_program_domain
|
|
|
|
###
|
|
# Give privileges to a domain for accessing ~/.spamassassin
|
|
# and a few other misc things like /dev/random.
|
|
# This is granted to /usr/bin/spamassassin and
|
|
# /usr/sbin/spamd, but NOT spamc (because it does not need it).
|
|
#
|
|
define(`spamassassin_agent_privs',`
|
|
allow $1 home_root_t:dir r_dir_perms;
|
|
file_type_auto_trans($1, $2_home_dir_t, $2_spamassassin_home_t)
|
|
create_dir_file($1, $2_spamassassin_home_t)
|
|
|
|
allow $1 urandom_device_t:chr_file r_file_perms;
|
|
')
|
|
|
|
#######
|
|
# Define the main spamassassin macro. This itself creates a
|
|
# domain for /usr/bin/spamassassin, and also spamc/spamd if
|
|
# applicable.
|
|
#
|
|
define(`spamassassin_domain',`
|
|
spamassassin_program_domain($1, spamassassin)
|
|
|
|
# For perl libraries.
|
|
allow $1_spamassassin_t lib_t:file rx_file_perms;
|
|
# Ignore perl digging in /proc and /var.
|
|
dontaudit $1_spamassassin_t proc_t:dir search;
|
|
dontaudit $1_spamassassin_t proc_t:lnk_file read;
|
|
dontaudit $1_spamassassin_t { sysctl_t sysctl_kernel_t }:dir search;
|
|
|
|
# For ~/.spamassassin
|
|
home_domain($1, spamassassin)
|
|
file_type_auto_trans($1_spamassassin_t, $1_home_dir_t, $1_spamassassin_home_t, dir)
|
|
|
|
spamassassin_agent_privs($1_spamassassin_t, $1)
|
|
|
|
can_resolve($1_spamassassin_t)
|
|
# set tunable if you give spamassassin full network access.
|
|
if (spamassasin_can_network) {
|
|
can_network($1_spamassassin_t)
|
|
allow $1_spamassassin_t port_type:tcp_socket name_connect;
|
|
}
|
|
if (spamassasin_can_network && allow_ypbind) {
|
|
uncond_can_ypbind($1_spamassassin_t)
|
|
}
|
|
###
|
|
# Define the domain for /usr/bin/spamc
|
|
#
|
|
ifdef(`spamc.te',`
|
|
spamassassin_program_domain($1, spamc, `, nscd_client_domain')
|
|
can_network($1_spamc_t)
|
|
allow $1_spamc_t port_type:tcp_socket name_connect;
|
|
can_ypbind($1_spamc_t)
|
|
|
|
# Allow connecting to a local spamd
|
|
ifdef(`spamd.te',`
|
|
can_tcp_connect($1_spamc_t, spamd_t)
|
|
can_unix_connect($1_spamc_t, spamd_t)
|
|
allow $1_spamc_t spamd_tmp_t:sock_file rw_file_perms;
|
|
') dnl endif spamd.te
|
|
') dnl endif spamc.te
|
|
|
|
###
|
|
# Define the domain for /usr/sbin/spamd
|
|
#
|
|
ifdef(`spamd.te',`
|
|
|
|
spamassassin_agent_privs(spamd_t, $1)
|
|
|
|
') dnl endif spamd.te
|
|
|
|
') dnl end spamassassin_domain
|
|
|
|
', `
|
|
|
|
define(`spamassassin_domain',`')
|
|
|
|
')
|