diff options
| author |   Jason Zaman <jason@perfinion.com> | 2018-04-12 19:38:05 +0800 |
|---|---|---|
| committer | Jason Zaman <jason@perfinion.com> | 2018-04-22 19:53:59 +0800 |
| commit | bd2b8d19d0ad21719a31065a325e8bf083dc623f (patch) | |
| tree | 8213f0e3e7465def5fba6b6e71d66d5f281f4bba | |
| parent | mozilla: allow map usr, home, tmp files (diff) | |
| download | hardened-refpolicy-bd2b8d19d0ad21719a31065a325e8bf083dc623f.tar.gz hardened-refpolicy-bd2b8d19d0ad21719a31065a325e8bf083dc623f.tar.bz2 hardened-refpolicy-bd2b8d19d0ad21719a31065a325e8bf083dc623f.zip | |
mta: Add msmtp fcontexts and allow ssl certs
| -rw-r--r-- | policy/modules/contrib/mta.fc | 3 | ||||
| -rw-r--r-- | policy/modules/contrib/mta.te | 1 |
2 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/contrib/mta.fc b/policy/modules/contrib/mta.fc index ace4a1f14..66634b0c7 100644 --- a/policy/modules/contrib/mta.fc +++ b/policy/modules/contrib/mta.fc @@ -2,6 +2,7 @@ HOME_DIR/\.esmtp_queue -- gen_context(system_u:object_r:mail_home_t,s0) HOME_DIR/\.forward[^/]* -- gen_context(system_u:object_r:mail_home_t,s0) HOME_DIR/dead\.letter -- gen_context(system_u:object_r:mail_home_t,s0) HOME_DIR/\.mailrc -- gen_context(system_u:object_r:mail_home_t,s0) +HOME_DIR/\.msmtprc -- gen_context(system_u:object_r:mail_home_t,s0) HOME_DIR/Maildir(/.*)? gen_context(system_u:object_r:mail_home_rw_t,s0) HOME_DIR/DovecotMail(/.*)? gen_context(system_u:object_r:mail_home_rw_t,s0) HOME_DIR/\.maildir(/.*)? gen_context(system_u:object_r:mail_home_rw_t,s0) @@ -10,10 +11,12 @@ HOME_DIR/\.maildir(/.*)? gen_context(system_u:object_r:mail_home_rw_t,s0) /etc/aliases\.db -- gen_context(system_u:object_r:etc_aliases_t,s0) /etc/mail(/.*)? gen_context(system_u:object_r:etc_mail_t,s0) /etc/mail/aliases.* -- gen_context(system_u:object_r:etc_aliases_t,s0) +/etc/msmtprc -- gen_context(system_u:object_r:etc_mail_t,s0) /etc/postfix/aliases.* -- gen_context(system_u:object_r:etc_aliases_t,s0) /usr/bin/esmtp -- gen_context(system_u:object_r:sendmail_exec_t,s0) /usr/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0) +/usr/bin/msmtp -- gen_context(system_u:object_r:sendmail_exec_t,s0) /usr/bin/rmail -- gen_context(system_u:object_r:sendmail_exec_t,s0) /usr/bin/sendmail\.postfix -- gen_context(system_u:object_r:sendmail_exec_t,s0) /usr/bin/sendmail(\.sendmail)? -- gen_context(system_u:object_r:sendmail_exec_t,s0) diff --git a/policy/modules/contrib/mta.te b/policy/modules/contrib/mta.te index 996c1fb52..01183ef1d 100644 --- a/policy/modules/contrib/mta.te +++ b/policy/modules/contrib/mta.te @@ -109,6 +109,7 @@ init_dontaudit_rw_utmp(user_mail_domain) logging_send_syslog_msg(user_mail_domain) +miscfiles_read_all_certs(user_mail_domain) miscfiles_read_localization(user_mail_domain) tunable_policy(`use_samba_home_dirs',` |