[selinux-policy: 2108/3172] trunk: Milter state directory patch from Paul Howarth.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:07:03 UTC 2010


commit 0cf1d560188fd4152f53dff552b4b718de68c08d
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Apr 21 20:40:45 2009 +0000

    trunk: Milter state directory patch from Paul Howarth.

 Changelog                               |    1 +
 policy/modules/services/milter.fc       |    2 ++
 policy/modules/services/milter.if       |   21 +++++++++++++++++++++
 policy/modules/services/milter.te       |   12 +++++++++++-
 policy/modules/services/spamassassin.te |   11 ++++++++++-
 5 files changed, 45 insertions(+), 2 deletions(-)
---
diff --git a/Changelog b/Changelog
index 2233075..3fae533 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Milter state directory patch from Paul Howarth.
 - Add MLS constrains for ingress/egress and secmark from Paul Moore.
 - Drop write permission from fs_read_rpc_sockets().
 - Remove unused udev_runtime_t type.
diff --git a/policy/modules/services/milter.fc b/policy/modules/services/milter.fc
index 4634dba..8528050 100644
--- a/policy/modules/services/milter.fc
+++ b/policy/modules/services/milter.fc
@@ -2,5 +2,7 @@
 /var/spool/milter-regex(/.*)?				gen_context(system_u:object_r:regex_milter_data_t,s0)
 
 /usr/sbin/spamass-milter			--	gen_context(system_u:object_r:spamass_milter_exec_t,s0)
+
+/var/lib/spamass-milter(/.*)?				gen_context(system_u:object_r:spamass_milter_state_t,s0)
 /var/run/spamass-milter(/.*)?				gen_context(system_u:object_r:spamass_milter_data_t,s0)
 /var/run/spamass-milter\.pid			--	gen_context(system_u:object_r:spamass_milter_data_t,s0)
diff --git a/policy/modules/services/milter.if b/policy/modules/services/milter.if
index 1155cb7..55d25cd 100644
--- a/policy/modules/services/milter.if
+++ b/policy/modules/services/milter.if
@@ -77,3 +77,24 @@ interface(`milter_getattr_all_sockets',`
 	getattr_dirs_pattern($1, milter_data_type, milter_data_type)
 	getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
 ')
+
+########################################
+## <summary>
+##	Manage spamassassin milter state
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`milter_manage_spamass_state',`
+	gen_require(`
+		type spamass_milter_state_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
+	manage_dirs_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
+	manage_lnk_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
+')
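Review bot: The `<summary>` of `milter_manage_spamass_state` says only "Manage spamassassin milter state", which does not tell a caller that the body grants manage access on directories, files and symbolic links of `spamass_milter_state_t`. According to the comment added in milter.te, that type holds system-wide preferences and bayes databases, so the write scope deserves to be spelled out, e.g. `##	Create, read, write, and delete spamassassin milter state directories, files and symbolic links.` If some callers only need to read this state, a separate read-only interface would keep them from inheriting the write grant.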
diff --git a/policy/modules/services/milter.te b/policy/modules/services/milter.te
index 908cb61..cedcf41 100644
--- a/policy/modules/services/milter.te
+++ b/policy/modules/services/milter.te
@@ -1,5 +1,5 @@
 
-policy_module(milter, 1.0.0)
+policy_module(milter, 1.0.1)
 
 ########################################
 #
@@ -14,6 +14,12 @@ attribute milter_data_type;
 milter_template(regex)
 milter_template(spamass)
 
+# Type for the spamass-milter home directory, under which spamassassin will
+# store system-wide preferences, bayes databases etc. if not configured to
+# use per-user configuration
+type spamass_milter_state_t;
+files_type(spamass_milter_state_t)
+
 ########################################
 #
 # milter-regex local policy
@@ -41,6 +47,10 @@ mta_read_config(regex_milter_t)
 #   http://savannah.nongnu.org/projects/spamass-milt/
 #
 
+# The milter runs from /var/lib/spamass-milter
+allow spamass_milter_t spamass_milter_state_t:dir search_dir_perms;
+files_search_var_lib(spamass_milter_t)
+
 kernel_read_system_state(spamass_milter_t)
 
 # When used with -b or -B options, the milter invokes sendmail to send mail
diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
index 622b4b2..50b62dd 100644
--- a/policy/modules/services/spamassassin.te
+++ b/policy/modules/services/spamassassin.te
@@ -1,5 +1,5 @@
 
-policy_module(spamassassin, 2.1.2)
+policy_module(spamassassin, 2.1.3)
 
 ########################################
 #
@@ -280,6 +280,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+	# Needed for pyzor/razor called from spamd
+	milter_manage_spamass_state(spamc_t)
+')
+
+optional_policy(`
 	nis_use_ypbind(spamc_t)
 ')
 
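Review bot: The comment above `milter_manage_spamass_state(spamc_t)` says pyzor/razor are "called from spamd", but the rule grants access to `spamc_t`, so either the comment or the domain appears to be wrong. The interface gives full manage rights on the directory that, per the milter.te comment, holds system-wide preferences and bayes databases, which is a broad grant for the client domain and should be justified precisely. If `spamc_t` really is the domain these helpers run in, reword the comment to say so, for example `# pyzor/razor run in spamc_t and keep their state in the milter state directory`. The matching `milter_manage_spamass_state(spamd_t)` call in the later hunk at -419 has no comment at all and would benefit from the same one-line rationale.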
@@ -419,6 +424,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	milter_manage_spamass_state(spamd_t)
+')
+
+optional_policy(`
 	mysql_search_db(spamd_t)
 	mysql_stream_connect(spamd_t)
 ')

