Make sure postfix content gets created with the correct label
authorDan Walsh <dwalsh@redhat.com>
Mon, 31 Oct 2011 18:46:07 +0000 (14:46 -0400)
committerDan Walsh <dwalsh@redhat.com>
Mon, 31 Oct 2011 18:46:07 +0000 (14:46 -0400)
policy/modules/kernel/domain.te
policy/modules/roles/sysadm.te
policy/modules/services/postfix.if

index 4b732cda38ca2014dbc383b0040d110c4b38a0f0..bec26c456b727be25f916e0325987239d1c54091 100644 (file)
@@ -254,6 +254,10 @@ optional_policy(`
        nx_filetrans_named_content(unconfined_domain_type)
 ')
 
+optional_policy(`
+       postfix_filetrans_named_content(unconfined_domain_type)
+')
+
 optional_policy(`
        pulseaudio_filetrans_home_content(unconfined_domain_type)
        pulseaudio_filetrans_admin_home_content(unconfined_domain_type)
index 2d6db898c55e8db187645953f3f8ffdfa9dfde27..c6aa0bceed3fbbdefc94fdd175036b513d21cbff 100644 (file)
@@ -333,6 +333,10 @@ optional_policy(`
        portmap_run_helper(sysadm_t, sysadm_r)
 ')
 
+optional_policy(`
+       postfix_filetrans_named_content(sysadm_t)
+')
+
 optional_policy(`
        prelink_run(sysadm_t, sysadm_r)
 ')
index c22af867b022991d4092321631cae45f0ef9d6d5..ca32d3031be9170abde602c39d09b06003ac7d74 100644 (file)
@@ -219,7 +219,7 @@ interface(`postfix_config_filetrans',`
        ')
 
        files_search_etc($1)
-       filetrans_pattern($1, postfix_etc_t, $2, $3)
+       filetrans_pattern($1, postfix_etc_t, $2, $3, $4)
 ')
 
 ########################################
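Review bot: The `$4` now forwarded by `postfix_config_filetrans` is a new optional argument that the commit leaves undocumented. The interface's `## <param>` header starts above this hunk and is not touched, so presumably it still lists only the domain, the private type and the object class. Add a fourth entry such as `## <param name="name" optional="true">` with a summary along the lines of "The name of the object being created." Existing three-argument callers now hand an empty fifth argument to `filetrans_pattern`. That is harmless only if the macro's transition rule accepts an empty name, which should be confirmed against the support macros because they are not part of this diff.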
@@ -774,6 +774,8 @@ interface(`postfix_admin',`
        admin_pattern($1, postfix_prng_t)
 
        admin_pattern($1, postfix_public_t)
+
+       postfix_filetrans_named_content($1)
 ')
 
 ########################################
@@ -801,3 +803,23 @@ interface(`postfix_run_postdrop',`
        postfix_domtrans_postdrop($1)
        role $2 types postfix_postdrop_t;
 ')
+
+########################################
+## <summary>
+##     Transition to postfix named content
+## </summary>
+## <param name="domain">
+##     <summary>
+##      Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`postfix_filetrans_named_content',`
+       gen_require(`
+               type postfix_exec_t;
+               type postfix_prng_t;
+       ')
+
+       postfix_config_filetrans($1, postfix_exec_t, file, "postfix-script")
+       postfix_config_filetrans($1, postfix_prng_t, file, "prng_exch")
+')
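Review bot: The summary "Transition to postfix named content" on `postfix_filetrans_named_content` does not say which file names, directory or types are involved. A caller has to read `postfix_config_filetrans` to learn that the rules apply only to files created in a `postfix_etc_t` directory. I would add a `<desc>` stating that a file created as `postfix-script` is labelled `postfix_exec_t` and one created as `prng_exch` is labelled `postfix_prng_t`, and that both names should stay in step with the matching postfix.fc entries (not shown in this diff). The same `<desc>` should warn that a name transition matches at creation time only, so a file written under a temporary name and renamed into place keeps the directory's default label and still needs `restorecon`. As far as this hunk shows, the interface only sets the default label, so it is worth confirming that each calling domain is separately allowed to create files of both types.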