
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Fri, 28 Sep 2012 17:52:18
Message-Id: 1348854476.a7aab0b2275f1883f1908bb036520a7a6616a94f.SwifT@gentoo
1 commit: a7aab0b2275f1883f1908bb036520a7a6616a94f
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Fri Sep 28 10:49:33 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Fri Sep 28 17:47:56 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a7aab0b2
7
8 Changes to the dkim policy module
9
10 Add init script file
11 Add dkim_admin()
12 Module clean up
13
14 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
15
16 ---
17 policy/modules/contrib/dkim.fc | 19 +++++++++++--------
18 policy/modules/contrib/dkim.if | 38 ++++++++++++++++++++++++++++++++++++++
19 policy/modules/contrib/dkim.te | 6 ++++--
20 3 files changed, 53 insertions(+), 10 deletions(-)
21
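--- a/policy/modules/contrib/dkim.fc
+++ b/policy/modules/contrib/dkim.fc
@@ -1,14 +1,17 @@
 /etc/mail/dkim-milter/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
-/etc/opendkim/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+/etc/opendkim/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
 
-/usr/sbin/dkim-filter -- gen_context(system_u:object_r:dkim_milter_exec_t,s0)
-/usr/sbin/opendkim -- gen_context(system_u:object_r:dkim_milter_exec_t,s0)
+/etc/rc\.d/init\.d/((opendkim)|(dkim-milter)) -- gen_context(system_u:object_r:dkim_milter_initrc_exec_t,s0)
 
-/var/db/dkim(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+/usr/sbin/dkim-filter -- gen_context(system_u:object_r:dkim_milter_exec_t,s0)
+/usr/sbin/opendkim -- gen_context(system_u:object_r:dkim_milter_exec_t,s0)
 
-/var/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
-/var/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/db/dkim(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+
+/var/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
 /var/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0)
-/var/run/opendkim(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
 
-/var/spool/opendkim(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/run/opendkim(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+
+/var/spool/opendkim(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)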
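Review bot: The only new labelling rule here, `/etc/rc\.d/init\.d/((opendkim)|(dkim-milter))`, matches the `/etc/rc.d/init.d` location alone, so whether a script installed under `/etc/init.d` receives `dkim_milter_initrc_exec_t` depends on a path-equivalence rule that is not visible in this commit. If the label does not land, the init-script transition granted by `dkim_admin` would presumably never apply, and nothing would report it. It is worth confirming on a target system with `matchpathcon /etc/init.d/opendkim` after the policy is loaded. As a style point, the inner groups are redundant and `(opendkim|dkim-milter)` reads more easily. The remaining changed lines appear to differ from the old ones only in whitespace.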
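--- a/policy/modules/contrib/dkim.if
+++ b/policy/modules/contrib/dkim.if
@@ -1 +1,39 @@
 ## <summary>DomainKeys Identified Mail milter.</summary>
+
+########################################
+## <summary>
+## All of the rules required to
+## administrate an dkim environment.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`dkim_admin',`
+ gen_require(`
+ type dkim_milter_t, dkim_milter_initrc_exec_t, dkim_milter_private_key_t;
+ type dkim_milter_data_t;
+ ')
+
+ allow $1 dkim_milter_t:process { ptrace signal_perms };
+ ps_process_pattern($1, dkim_milter_t)
+
+ init_labeled_script_domtrans($1, dkim_milter_initrc_exec_t)
+ domain_system_change_exemption($1)
+ role_transition $2 dkim_milter_initrc_exec_t system_r;
+ allow $2 system_r;
+
+ files_search_etc($1)
+ admin_pattern($1, dkim_milter_private_key_t)
+
+ files_search_pids($1)
+ admin_pattern($1, dkim_milter_data_t)
+')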
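Review bot: `allow $1 dkim_milter_t:process { ptrace signal_perms };` gives every caller of `dkim_admin` ptrace over the milter, which is broader than starting, stopping and inspecting the service requires. Ptrace lets the admin domain read and modify the memory of the running process that holds the signing keys, on top of the file-level access already granted by `admin_pattern($1, dkim_milter_private_key_t)`. If debugging the daemon is not an intended part of this interface, narrow the rule to `allow $1 dkim_milter_t:process signal_perms;`, or put the ptrace permission behind a tunable so it is off by default. The summary text "administrate an dkim environment" would also read better as "administer a dkim environment", and it should state that the interface grants management of the private-key type, so that role authors know what they are handing out.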
98 diff --git a/policy/modules/contrib/dkim.te b/policy/modules/contrib/dkim.te
99 index cc1199e..30f4578 100644
100 --- a/policy/modules/contrib/dkim.te
101 +++ b/policy/modules/contrib/dkim.te
102 @@ -1,4 +1,4 @@
103 -policy_module(dkim, 1.1.0)
104 +policy_module(dkim, 1.1.1)
105
106 ########################################
107 #
108 @@ -7,7 +7,9 @@ policy_module(dkim, 1.1.0)
109
110 milter_template(dkim)
111
112 -# Type for the private key of dkim-filter
113 +type dkim_milter_initrc_exec_t;
114 +init_script_file(dkim_milter_initrc_exec_t)
115 +
116 type dkim_milter_private_key_t;
117 files_type(dkim_milter_private_key_t)