commit: 64429db34991a38dec86976e2c9bd3dbb6bdd3f6 |
Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com> |
AuthorDate: Sun Oct 28 18:41:08 2012 +0000 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
CommitDate: Mon Oct 29 14:48:28 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=64429db3 |
|
Move MailScanner spool content labeling from the clamav module to the mailscanner module |
|
Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com> |
|
--- |
policy/modules/contrib/clamav.fc | 1 - |
policy/modules/contrib/clamav.te | 2 +- |
policy/modules/contrib/mailscanner.fc | 2 ++ |
policy/modules/contrib/mailscanner.if | 26 +++++++++++++++++++++++++- |
policy/modules/contrib/mailscanner.te | 10 ++++++++-- |
5 files changed, 36 insertions(+), 5 deletions(-) |
|
diff --git a/policy/modules/contrib/clamav.fc b/policy/modules/contrib/clamav.fc |
21 |
index 7d93529..dcaa045 100644 |
22 |
--- a/policy/modules/contrib/clamav.fc |
23 |
+++ b/policy/modules/contrib/clamav.fc |
24 |
@@ -24,4 +24,3 @@ |
25 |
/var/run/clamd.* gen_context(system_u:object_r:clamd_var_run_t,s0) |
26 |
|
27 |
/var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0) |
28 |
-/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0) |
29 |
|
30 |
diff --git a/policy/modules/contrib/clamav.te b/policy/modules/contrib/clamav.te |
31 |
index b5843df..5320a93 100644 |
32 |
--- a/policy/modules/contrib/clamav.te |
33 |
+++ b/policy/modules/contrib/clamav.te |
34 |
@@ -1,4 +1,4 @@ |
35 |
-policy_module(clamav, 1.10.4) |
36 |
+policy_module(clamav, 1.10.5) |
37 |
|
38 |
## <desc> |
39 |
## <p> |
40 |
|
41 |
diff --git a/policy/modules/contrib/mailscanner.fc b/policy/modules/contrib/mailscanner.fc |
42 |
index 827e22e..3698276 100644 |
43 |
--- a/policy/modules/contrib/mailscanner.fc |
44 |
+++ b/policy/modules/contrib/mailscanner.fc |
45 |
@@ -9,3 +9,5 @@ |
46 |
/usr/sbin/MailScanner -- gen_context(system_u:object_r:mscan_exec_t,s0) |
47 |
|
48 |
/var/run/MailScanner\.pid -- gen_context(system_u:object_r:mscan_var_run_t,s0) |
49 |
+ |
50 |
+/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:mscan_spool_t,s0) |
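Review bot: The relabel of `/var/spool/MailScanner(/.*)?` from clamd_var_run_t to mscan_spool_t only applies to files created after the new policy is loaded or to content that is explicitly relabeled; existing spool files keep clamd_var_run_t, and this same commit drops `clamav_manage_pid_content(mscan_t)` in mailscanner.te, so until `restorecon -R /var/spool/MailScanner` is run mscan_t is presumably denied on its own spool. That upgrade step is worth stating in the commit message or the module changelog so packagers trigger the relabel when shipping this policy version.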
51 |
|
52 |
diff --git a/policy/modules/contrib/mailscanner.if b/policy/modules/contrib/mailscanner.if |
53 |
index 462209d..0293f34 100644 |
54 |
--- a/policy/modules/contrib/mailscanner.if |
55 |
+++ b/policy/modules/contrib/mailscanner.if |
56 |
@@ -2,6 +2,27 @@ |
57 |
|
58 |
######################################## |
59 |
## <summary> |
60 |
+## Create, read, write, and delete |
61 |
+## mscan spool content. |
62 |
+## </summary> |
63 |
+## <param name="domain"> |
64 |
+## <summary> |
65 |
+## Domain allowed access. |
66 |
+## </summary> |
67 |
+## </param> |
68 |
+# |
69 |
+interface(`mscan_manage_spool_content',` |
70 |
+ gen_require(` |
71 |
+ type mscan_spool_t; |
72 |
+ ') |
73 |
+ |
74 |
+ files_search_spool($1) |
75 |
+ manage_dirs_pattern($1, mscan_spool_t, mscan_spool_t) |
76 |
+ manage_files_pattern($1, mscan_spool_t, mscan_spool_t) |
77 |
+') |
78 |
+ |
79 |
+######################################## |
80 |
+## <summary> |
81 |
## All of the rules required to |
82 |
## administrate an mscan environment |
83 |
## </summary> |
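Review bot: Only a manage interface is added for mscan_spool_t, which is broader than what a consumer that merely scans the spool needs; mscan_t domain-transitions to clamscan in mailscanner.te (`clamav_domtrans_clamscan(mscan_t)`), and a scanner that reads spool files should not be handed create, write and unlink on them. A read-only companion, `mscan_read_spool_content`, with the same doc header as the new interface but a summary of "Read mscan spool content", keeps least privilege available to clamav.te and any other caller. The new interface itself is not called anywhere in this commit (the clamav.te hunk is a version bump only), so the caller side still needs to be wired up.
```m4
interface(`mscan_read_spool_content',`
	gen_require(`
		type mscan_spool_t;
	')

	files_search_spool($1)
	list_dirs_pattern($1, mscan_spool_t, mscan_spool_t)
	read_files_pattern($1, mscan_spool_t, mscan_spool_t)
')
```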
84 |
@@ -20,7 +41,7 @@ |
85 |
interface(`mscan_admin',` |
86 |
gen_require(` |
87 |
type mscan_t, mscan_etc_t, mscan_initrc_exec_t; |
88 |
- type mscan_var_run_t; |
89 |
+ type mscan_var_run_t, mscan_spool_t; |
90 |
') |
91 |
|
92 |
allow $1 mscan_t:process { ptrace signal_perms }; |
93 |
@@ -36,4 +57,7 @@ interface(`mscan_admin',` |
94 |
|
95 |
files_search_pids($1 |
96 |
admin_pattern($1, mscan_var_run_t) |
97 |
+ |
98 |
+ files_search_spool($1) |
99 |
+ admin_pattern($1, mscan_spool_t) |
100 |
') |
101 |
|
102 |
diff --git a/policy/modules/contrib/mailscanner.te b/policy/modules/contrib/mailscanner.te |
103 |
index d5651c7..725ba32 100644 |
104 |
--- a/policy/modules/contrib/mailscanner.te |
105 |
+++ b/policy/modules/contrib/mailscanner.te |
106 |
@@ -1,4 +1,4 @@ |
107 |
-policy_module(mailscanner, 1.0.1) |
108 |
+policy_module(mailscanner, 1.0.2) |
109 |
|
110 |
######################################## |
111 |
# |
112 |
@@ -15,6 +15,9 @@ init_script_file(mscan_initrc_exec_t) |
113 |
type mscan_etc_t; |
114 |
files_config_file(mscan_etc_t) |
115 |
|
116 |
+type mscan_spool_t; |
117 |
+files_type(mscan_spool_t) |
118 |
+ |
119 |
type mscan_tmp_t; |
120 |
files_tmp_file(mscan_tmp_t) |
121 |
|
122 |
@@ -35,6 +38,10 @@ read_files_pattern(mscan_t, mscan_etc_t, mscan_etc_t) |
123 |
manage_files_pattern(mscan_t, mscan_var_run_t, mscan_var_run_t) |
124 |
files_pid_filetrans(mscan_t, mscan_var_run_t, file) |
125 |
|
126 |
+manage_dirs_pattern(mscan_t, mscan_spool_t, mscan_spool_t) |
127 |
+manage_files_pattern(mscan_t, mscan_spool_t, mscan_spool_t) |
128 |
+files_spool_filetrans(mscan_t, mscan_spool_t, dir) |
129 |
+ |
130 |
manage_dirs_pattern(mscan_t, mscan_tmp_t, mscan_tmp_t) |
131 |
manage_files_pattern(mscan_t, mscan_tmp_t, mscan_tmp_t) |
132 |
files_tmp_filetrans(mscan_t, mscan_tmp_t, { dir file }) |
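Review bot: Nothing in this commit grants any domain other than mscan_t access to the new label, yet mscan_t transitions to clamscan via `clamav_domtrans_clamscan(mscan_t)` further down in this file, and the spool was previously labeled clamd_var_run_t, which the ClamAV domains presumably could reach; with clamav.te changed only by its version bump, clamscan_t looks like it loses access to the very files it is asked to scan. If clamscan is run on the spool, clamav.te should call `mscan_manage_spool_content(clamscan_t)` (or a read-only variant) inside an optional_policy block in the same commit, otherwise the move silently breaks scanning. Separately, `files_spool_filetrans(mscan_t, mscan_spool_t, dir)` is unnamed, so any directory mscan_t creates directly under /var/spool receives mscan_spool_t; if this tree's filetrans interfaces accept a name argument, `files_spool_filetrans(mscan_t, mscan_spool_t, dir, "MailScanner")` pins the transition to the one path declared in the .fc.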
133 |
@@ -78,7 +85,6 @@ miscfiles_read_localization(mscan_t) |
134 |
|
135 |
optional_policy(` |
136 |
clamav_domtrans_clamscan(mscan_t) |
137 |
- clamav_manage_pid_content(mscan_t) |
138 |
') |
139 |
|
140 |
optional_policy(` |