Commit | Line | Data |
---|---|---|
65e131f0 CP |
1 | ## <summary>Qmail Mail Server</summary> |
2 | ||
########################################
## <summary>
##	Template for qmail parent/sub-domain pairs.
##	Declares the child domain and its entry point
##	type, and sets up the automatic transition
##	from the parent domain into the child.
## </summary>
## <param name="child_prefix">
##	<summary>
##	The prefix of the child domain. The declared
##	types are named prefix_t and prefix_exec_t.
##	</summary>
## </param>
## <param name="parent_domain">
##	<summary>
##	The name of the parent domain.
##	</summary>
## </param>
#
template(`qmail_child_domain_template',`
	# Child domain and the type of its entry point executable.
	type $1_t;
	type $1_exec_t;
	domain_type($1_t)
	domain_entry_file($1_t, $1_exec_t)
	role system_r types $1_t;

	# The parent enters the child domain automatically when it
	# executes a file of the entry point type.
	domain_auto_trans($2, $1_exec_t, $1_t)

	allow $1_t self:process signal_perms;

	# Back-channel to the parent: use its file descriptors, read and
	# write its pipes, and send it SIGCHLD.
	allow $1_t $2:process sigchld;
	allow $1_t $2:fd use;
	allow $1_t $2:fifo_file rw_file_perms;

	# File descriptors belonging to qmail_start_t.
	allow $1_t qmail_start_t:fd use;

	# qmail configuration: list directories, read files and symlinks.
	# NOTE(review): qmail_etc_t and qmail_start_t are referenced without
	# a gen_require block; presumably this template is only expanded
	# inside the module that declares them - confirm.
	allow $1_t qmail_etc_t:dir list_dir_perms;
	allow $1_t qmail_etc_t:file read_file_perms;
	allow $1_t qmail_etc_t:lnk_file read_lnk_file_perms;

	# NOTE(review): the next two rules are granted to the parent domain,
	# not to the child. Confirm that is intended; every expansion of the
	# template widens the access of the parent.
	kernel_list_proc($2)
	kernel_read_proc_symlinks($2)

	corecmd_search_bin($1_t)
	files_search_var($1_t)
	fs_getattr_xattr_fs($1_t)
	miscfiles_read_localization($1_t)
')
49 | ||
########################################
## <summary>
##	Execute a qmail_inject_exec_t entry point
##	with a domain transition to qmail_inject_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`qmail_domtrans_inject',`
	gen_require(`
		type qmail_inject_exec_t, qmail_inject_t;
	')

	# Search access: bin directories on every build, plus usr on
	# Debian builds and var on all others.
	corecmd_search_bin($1)
	ifdef(`distro_debian',`
		files_search_usr($1)
	',`
		files_search_var($1)
	')

	domtrans_pattern($1, qmail_inject_exec_t, qmail_inject_t)
')
75 | ||
########################################
## <summary>
##	Execute a qmail_queue_exec_t entry point
##	with a domain transition to qmail_queue_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`qmail_domtrans_queue',`
	gen_require(`
		type qmail_queue_exec_t, qmail_queue_t;
	')

	# Search access: bin directories on every build, plus usr on
	# Debian builds and var on all others.
	corecmd_search_bin($1)
	ifdef(`distro_debian',`
		files_search_usr($1)
	',`
		files_search_var($1)
	')

	domtrans_pattern($1, qmail_queue_exec_t, qmail_queue_t)
')
101 | ||
########################################
## <summary>
##	Read qmail configuration files.
##	Grants listing of qmail_etc_t directories and
##	reading of qmail_etc_t files and symlinks; no
##	write access is granted.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`qmail_read_config',`
	gen_require(`
		type qmail_etc_t;
	')

	# Search access to the parent directories of the configuration.
	files_search_var($1)
	ifdef(`distro_debian',`
		# Debian builds also search etc, to handle /etc/qmail.
		files_search_etc($1)
	')

	# Read-only rules on the configuration type itself.
	allow $1 qmail_etc_t:dir list_dir_perms;
	allow $1 qmail_etc_t:file read_file_perms;
	allow $1 qmail_etc_t:lnk_file read_lnk_file_perms;
')
128 | ||
########################################
## <summary>
##	Define the specified domain as a qmail-smtp service.
##	Needed by antivirus/antispam filters.
## </summary>
## <param name="domain">
##	<summary>
##	Domain that qmail_smtpd_t transitions to.
##	</summary>
## </param>
## <param name="entrypoint">
##	<summary>
##	The type associated with the process program,
##	which qmail_smtpd_t executes to enter the domain.
##	</summary>
## </param>
#
interface(`qmail_smtpd_service_domain',`
	gen_require(`
		type qmail_smtpd_t;
	')

	# qmail_smtpd_t is the source of this transition: it enters the
	# given domain by executing a file of the entrypoint type. The
	# given domain thereby becomes reachable from qmail_smtpd_t, so
	# pass only the filter domain that is meant to run under it.
	domtrans_pattern(qmail_smtpd_t, $2, $1)
')