commit:     bd2b8d19d0ad21719a31065a325e8bf083dc623f
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Apr 12 11:38:05 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 22 11:53:59 2018 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd2b8d19

mta: Add msmtp fcontexts and allow ssl certs

 policy/modules/contrib/mta.fc | 3 +++
 policy/modules/contrib/mta.te | 1 +
 2 files changed, 4 insertions(+)

diff --git a/policy/modules/contrib/mta.fc b/policy/modules/contrib/mta.fc
index ace4a1f1..66634b0c 100644
--- a/policy/modules/contrib/mta.fc
+++ b/policy/modules/contrib/mta.fc
@@ -2,6 +2,7 @@ HOME_DIR/\.esmtp_queue  --      
gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/\.forward[^/]*        --      
gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/dead\.letter  --      gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/\.mailrc      --      gen_context(system_u:object_r:mail_home_t,s0)
+HOME_DIR/\.msmtprc     --      gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/Maildir(/.*)? gen_context(system_u:object_r:mail_home_rw_t,s0)
 HOME_DIR/DovecotMail(/.*)?     gen_context(system_u:object_r:mail_home_rw_t,s0)
 HOME_DIR/\.maildir(/.*)?       gen_context(system_u:object_r:mail_home_rw_t,s0)
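Review bot: The new `HOME_DIR/\.msmtprc` entry puts a file that can hold an SMTP account password (msmtp's `password` setting) under the shared `mail_home_t` label, the same type this file gives to `.forward`, `.mailrc` and `dead.letter`. Any domain already allowed to read `mail_home_t` would then be able to read that secret as well. The same concern applies to `/etc/msmtprc` labelled `etc_mail_t` in the next hunk. If a dedicated type is not wanted, I would at least add a comment above the entry, for example `# msmtp config; may contain SMTP credentials, readable by every mail_home_t reader`, so the trade-off is visible to whoever next widens access to these types.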
@@ -10,10 +11,12 @@ HOME_DIR/\.maildir(/.*)?    
gen_context(system_u:object_r:mail_home_rw_t,s0)
 /etc/aliases\.db       --      gen_context(system_u:object_r:etc_aliases_t,s0)
 /etc/mail(/.*)?        gen_context(system_u:object_r:etc_mail_t,s0)
 /etc/mail/aliases.*    --      gen_context(system_u:object_r:etc_aliases_t,s0)
+/etc/msmtprc           --      gen_context(system_u:object_r:etc_mail_t,s0)
 /etc/postfix/aliases.* --      gen_context(system_u:object_r:etc_aliases_t,s0)
 
 /usr/bin/esmtp --      gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/mail(x)?      --      
gen_context(system_u:object_r:sendmail_exec_t,s0)
+/usr/bin/msmtp --      gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/rmail --      gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/sendmail\.postfix     --      
gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/sendmail(\.sendmail)? --      
gen_context(system_u:object_r:sendmail_exec_t,s0)

diff --git a/policy/modules/contrib/mta.te b/policy/modules/contrib/mta.te
index 996c1fb5..01183ef1 100644
--- a/policy/modules/contrib/mta.te
+++ b/policy/modules/contrib/mta.te
@@ -109,6 +109,7 @@ init_dontaudit_rw_utmp(user_mail_domain)
 
 logging_send_syslog_msg(user_mail_domain)
 
+miscfiles_read_all_certs(user_mail_domain)
 miscfiles_read_localization(user_mail_domain)
 
 tunable_policy(`use_samba_home_dirs',`
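Review bot: `miscfiles_read_all_certs(user_mail_domain)` is granted to the whole `user_mail_domain` attribute and covers every type carrying the certificate attribute, which looks wider than what the commit title suggests (presumably letting msmtp verify TLS server certificates). If the CA bundle msmtp reads is labelled with the generic `cert_t`, `miscfiles_read_generic_certs(user_mail_domain)` would be enough. Before keeping the broader interface, it is worth checking whether any private-key types are members of that attribute in this policy. A one-line comment such as `# msmtp needs CA certificates for TLS verification` above the call would also record why user mail domains need this access.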
