
From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:mailinfra commit in: policy/modules/contrib/
Date: Sun, 24 Aug 2014 08:02:57
Message-Id: 1408821348.a2d1f61b74fda94cd0553ba94174bace791cbeee.swift@gentoo
1 commit: a2d1f61b74fda94cd0553ba94174bace791cbeee
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Sat Aug 23 19:15:48 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sat Aug 23 19:15:48 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a2d1f61b
7
8 Introduce postfix_user_sendmail_privs
9
10 ---
11 policy/modules/contrib/postfix.if | 30 ++++++++++++++++++++++++++++++
12 1 file changed, 30 insertions(+)
13
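diff --git a/policy/modules/contrib/postfix.if b/policy/modules/contrib/postfix.if
index 8e7d1e7..2e1df2c 100644
--- a/policy/modules/contrib/postfix.if
+++ b/policy/modules/contrib/postfix.if
@@ -756,3 +756,33 @@ interface(`postfix_admin',`
 can_exec($1, postfix_showq_exec_t)
 ')
 ')
+
+# ifdef distro_gentoo
+
+#########################################
+## <summary>
+## Assign privileges for Postfix sendmail
+## </summary>
+## <param name="domain:>
+## <summary>
+## Domain to assign privileges to
+## </summary>
+## </param>
+#
+interface(`postfix_user_sendmail_privs',`
+ allow $1 self:process { setrlimit };
+ allow $1 self:tcp_socket create_socket_perms;
+ allow $1 self:unix_dgram_socket create_socket_perms;
+
+ kernel_read_network_state($1)
+
+ logging_send_syslog_msg($1)
+
+ auth_use_nsswitch($1)
+
+ optional_policy(`
+ postfix_domtrans_postdrop($1)
+ postfix_read_config($1)
+ postfix_read_spool_files($1)
+ ')
+')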
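Review bot: The `<param>` tag in the new interface's doc header is malformed: `## <param name="domain:>` never closes the attribute quote, which will likely break or drop this entry in the generated interface documentation; it should read `## <param name="domain">`. The summary says only "Assign privileges for Postfix sendmail", while the body grants the caller `self:tcp_socket create_socket_perms`, `self:unix_dgram_socket create_socket_perms` and `self:process { setrlimit }`, plus network-state, syslog and nsswitch access and a transition to postdrop. Naming those grants in the summary would let a policy author judge whether a given domain should receive all of them before calling the interface. The `postfix_*` calls sit inside `optional_policy` although they appear to be defined in this same module, so the wrapper is presumably unnecessary here; worth confirming.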