[selinux-policy: 2067/3172] trunk: 2 patches from dan.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:03:28 UTC 2010 

commit 9ff89c44e79638e9ef431049d460baae8b54213a
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Dec 4 15:01:12 2008 +0000

    trunk: 2 patches from dan.

 policy/modules/services/mta.if      |   19 +++++++++++++++++++
 policy/modules/services/mta.te      |    2 +-
 policy/modules/services/postfix.if  |   19 +++++++++++++++++++
 policy/modules/services/postfix.te  |    2 +-
 policy/modules/services/postgrey.te |    3 ++-
 policy/modules/services/uucp.te     |    3 ++-
 6 files changed, 44 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index 1698b82..e57d2f8 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -752,6 +752,25 @@ interface(`mta_search_queue',`
 
 #######################################
 ## <summary>
+##	Read the mail queue.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`mta_read_queue',`
+	gen_require(`
+		type mqueue_spool_t;
+	')
+
+	read_files_pattern($1, mqueue_spool_t, mqueue_spool_t)
+	files_search_spool($1)
+')
+
+#######################################
+## <summary>
 ##	Do not audit attempts to read and
 ##	write the mail queue.
 ## </summary>
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
index 8576491..086452d 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -1,5 +1,5 @@
 
-policy_module(mta, 2.0.1)
+policy_module(mta, 2.0.2)
 
 ########################################
 #
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
index 88b923c..9a68d8d 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -465,6 +465,25 @@ interface(`postfix_read_spool_files',`
 
 ########################################
 ## <summary>
+##	Create, read, write, and delete postfix mail spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`postfix_manage_spool_files',`
+	gen_require(`
+		type postfix_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_files_pattern($1, postfix_spool_t, postfix_spool_t)
+')
+
+########################################
+## <summary>
 ##	Execute postfix user mail programs
 ##	in their respective domains.
 ## </summary>
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index 8f9f273..2f3fe00 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -1,5 +1,5 @@
 
-policy_module(postfix, 1.9.2)
+policy_module(postfix, 1.9.3)
 
 ########################################
 #
diff --git a/policy/modules/services/postgrey.te b/policy/modules/services/postgrey.te
index f0d4951..5416464 100644
--- a/policy/modules/services/postgrey.te
+++ b/policy/modules/services/postgrey.te
@@ -1,5 +1,5 @@
 
-policy_module(postgrey, 1.5.2)
+policy_module(postgrey, 1.5.3)
 
 ########################################
 #
@@ -95,6 +95,7 @@ optional_policy(`
 
 optional_policy(`
 	postfix_read_config(postgrey_t)
+	postfix_manage_spool_files(postgrey_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te
index 5bce20a..038ced4 100644
--- a/policy/modules/services/uucp.te
+++ b/policy/modules/services/uucp.te
@@ -1,5 +1,5 @@
 
-policy_module(uucp, 1.8.0)
+policy_module(uucp, 1.8.1)
 
 ########################################
 #
@@ -121,6 +121,7 @@ miscfiles_read_localization(uux_t)
 
 optional_policy(`
 	mta_send_mail(uux_t)
+	mta_read_queue(uux_t)
 ')
 
 optional_policy(`

More information about the scm-commits mailing list