1 |
commit: a2d1f61b74fda94cd0553ba94174bace791cbeee |
2 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
3 |
AuthorDate: Sat Aug 23 19:15:48 2014 +0000 |
4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Aug 23 19:15:48 2014 +0000 |
6 |
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a2d1f61b |
7 |
|
8 |
Introduce postfix_user_sendmail_privs |
9 |
|
10 |
--- |
11 |
policy/modules/contrib/postfix.if | 30 ++++++++++++++++++++++++++++++ |
12 |
1 file changed, 30 insertions(+) |
13 |
|
14 |
diff --git a/policy/modules/contrib/postfix.if b/policy/modules/contrib/postfix.if |
15 |
index 8e7d1e7..2e1df2c 100644 |
16 |
--- a/policy/modules/contrib/postfix.if |
17 |
+++ b/policy/modules/contrib/postfix.if |
18 |
@@ -756,3 +756,33 @@ interface(`postfix_admin',` |
19 |
can_exec($1, postfix_showq_exec_t) |
20 |
') |
21 |
') |
22 |
+ |
23 |
+# ifdef distro_gentoo |
24 |
+ |
25 |
+######################################### |
26 |
+## <summary> |
27 |
+## Assign privileges for Postfix sendmail |
28 |
+## </summary> |
29 |
+## <param name="domain:> |
30 |
+## <summary> |
31 |
+## Domain to assign privileges to |
32 |
+## </summary> |
33 |
+## </param> |
34 |
+# |
35 |
+interface(`postfix_user_sendmail_privs',` |
36 |
+ allow $1 self:process { setrlimit }; |
37 |
+ allow $1 self:tcp_socket create_socket_perms; |
38 |
+ allow $1 self:unix_dgram_socket create_socket_perms; |
39 |
+ |
40 |
+ kernel_read_network_state($1) |
41 |
+ |
42 |
+ logging_send_syslog_msg($1) |
43 |
+ |
44 |
+ auth_use_nsswitch($1) |
45 |
+ |
46 |
+ optional_policy(` |
47 |
+ postfix_domtrans_postdrop($1) |
48 |
+ postfix_read_config($1) |
49 |
+ postfix_read_spool_files($1) |
50 |
+ ') |
51 |
+') |