-rw-r--r--policy/modules/contrib/dkim.fc19
-rw-r--r--policy/modules/contrib/dkim.if38
-rw-r--r--policy/modules/contrib/dkim.te6
3 files changed, 53 insertions, 10 deletions
diff --git a/policy/modules/contrib/dkim.fc b/policy/modules/contrib/dkim.fc
index bf4321a1..eebcf5d1 100644
--- a/policy/modules/contrib/dkim.fc
+++ b/policy/modules/contrib/dkim.fc
@@ -1,14 +1,17 @@
/etc/mail/dkim-milter/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
-/etc/opendkim/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+/etc/opendkim/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
-/usr/sbin/dkim-filter -- gen_context(system_u:object_r:dkim_milter_exec_t,s0)
-/usr/sbin/opendkim -- gen_context(system_u:object_r:dkim_milter_exec_t,s0)
+/etc/rc\.d/init\.d/((opendkim)|(dkim-milter)) -- gen_context(system_u:object_r:dkim_milter_initrc_exec_t,s0)
-/var/db/dkim(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+/usr/sbin/dkim-filter -- gen_context(system_u:object_r:dkim_milter_exec_t,s0)
+/usr/sbin/opendkim -- gen_context(system_u:object_r:dkim_milter_exec_t,s0)
-/var/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
-/var/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/db/dkim(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+
+/var/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
/var/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0)
-/var/run/opendkim(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
-/var/spool/opendkim(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/run/opendkim(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+
+/var/spool/opendkim(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
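Review bot: The new init script entry matches only `opendkim` and `dkim-milter`, while this same file labels the daemon binary as `/usr/sbin/dkim-filter` and a runtime directory as `/var/run/dkim-filter`. If any supported distribution installs the script under that name (not verifiable from this page), it would keep the generic init script label and the labeled-script transition granted by dkim_admin would not apply to it. Something like `/etc/rc\.d/init\.d/(opendkim|dkim-milter|dkim-filter) -- gen_context(system_u:object_r:dkim_milter_initrc_exec_t,s0)` would cover it and also drops the redundant inner parentheses. The remaining lines of the hunk appear to be whitespace realignment only.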
diff --git a/policy/modules/contrib/dkim.if b/policy/modules/contrib/dkim.if
index 32d108ad..386e4941 100644
--- a/policy/modules/contrib/dkim.if
+++ b/policy/modules/contrib/dkim.if
@@ -1 +1,39 @@
## <summary>DomainKeys Identified Mail milter.</summary>
+
+########################################
+## <summary>
+## All of the rules required to
+## administrate an dkim environment.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`dkim_admin',`
+ gen_require(`
+ type dkim_milter_t, dkim_milter_initrc_exec_t, dkim_milter_private_key_t;
+ type dkim_milter_data_t;
+ ')
+
+ allow $1 dkim_milter_t:process { ptrace signal_perms };
+ ps_process_pattern($1, dkim_milter_t)
+
+ init_labeled_script_domtrans($1, dkim_milter_initrc_exec_t)
+ domain_system_change_exemption($1)
+ role_transition $2 dkim_milter_initrc_exec_t system_r;
+ allow $2 system_r;
+
+ files_search_etc($1)
+ admin_pattern($1, dkim_milter_private_key_t)
+
+ files_search_pids($1)
+ admin_pattern($1, dkim_milter_data_t)
+')
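Review bot: `allow $1 dkim_milter_t:process { ptrace signal_perms };` gives every caller of dkim_admin unconditional ptrace over the milter process, which is more than starting, stopping and managing its files requires. ptrace lets the admin domain read and modify the memory of the process that signs outgoing mail, so consider reducing the rule to `allow $1 dkim_milter_t:process signal_perms;` or placing ptrace under a tunable if the policy provides one for this. Separately, the file contexts in this commit also put dkim_milter_data_t under /var/spool/opendkim, but only files_search_etc and files_search_pids are granted, so `files_search_spool($1)` before the second admin_pattern looks missing. The interface summary reads "administrate an dkim environment", where "a dkim environment" is meant.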
diff --git a/policy/modules/contrib/dkim.te b/policy/modules/contrib/dkim.te
index cc1199e1..30f45780 100644
--- a/policy/modules/contrib/dkim.te
+++ b/policy/modules/contrib/dkim.te
@@ -1,4 +1,4 @@
-policy_module(dkim, 1.1.0)
+policy_module(dkim, 1.1.1)
########################################
#
@@ -7,7 +7,9 @@ policy_module(dkim, 1.1.0)
milter_template(dkim)
-# Type for the private key of dkim-filter
+type dkim_milter_initrc_exec_t;
+init_script_file(dkim_milter_initrc_exec_t)
+
type dkim_milter_private_key_t;
files_type(dkim_milter_private_key_t)
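Review bot: The new `dkim_milter_initrc_exec_t` declaration has no comment, and the hunk removes the only comment that explained `dkim_milter_private_key_t`. That type labels the key directories in dkim.fc, so a reader auditing who may touch signing keys benefits from it being marked. I would keep a reworded line such as `# Type for the DKIM private key files` above the private key type and add `# Init script type, used by dkim_admin()` above the new declaration.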