[selinux-policy: 2281/3172] add dkim from stefan schulze frielinghaus.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:22:33 UTC 2010 

commit 5a6b1fe2b4a1cd69b0c8c54772b88fdf9201c3be
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Sep 17 09:12:33 2009 -0400

    add dkim from stefan schulze frielinghaus.

 Changelog                       |    1 +
 policy/modules/services/dkim.fc |    9 +++++++++
 policy/modules/services/dkim.if |    1 +
 policy/modules/services/dkim.te |   32 ++++++++++++++++++++++++++++++++
 4 files changed, 43 insertions(+), 0 deletions(-)
---
diff --git a/Changelog b/Changelog
index a618ed2..8bb1181 100644
--- a/Changelog
+++ b/Changelog
@@ -10,6 +10,7 @@
 - Add missing compatibility aliases for xdm_xserver*_t types.
 - Added modules:
 	abrt (Dan Walsh)
+	dkim (Stefan Schulze Frielinghaus)
 	gitosis (Miroslav Grepl)
 	gnomeclock (Dan Walsh)
 	hddtemp (Dan Walsh)
diff --git a/policy/modules/services/dkim.fc b/policy/modules/services/dkim.fc
new file mode 100644
index 0000000..dc1056c
--- /dev/null
+++ b/policy/modules/services/dkim.fc
@@ -0,0 +1,9 @@
+/etc/mail/dkim-milter/keys(/.*)?	gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+
+/usr/sbin/dkim-filter		--	gen_context(system_u:object_r:dkim_milter_exec_t,s0)
+
+/var/db/dkim(/.*)?			gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+
+/var/run/dkim-filter(/.*)?		gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/run/dkim-milter(/.*)?		gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/run/dkim-milter\.pid	--	gen_context(system_u:object_r:dkim_milter_data_t,s0)
diff --git a/policy/modules/services/dkim.if b/policy/modules/services/dkim.if
new file mode 100644
index 0000000..32d108a
--- /dev/null
+++ b/policy/modules/services/dkim.if
@@ -0,0 +1 @@
+## <summary>DomainKeys Identified Mail milter.</summary>
diff --git a/policy/modules/services/dkim.te b/policy/modules/services/dkim.te
new file mode 100644
index 0000000..7c01d0e
--- /dev/null
+++ b/policy/modules/services/dkim.te
@@ -0,0 +1,32 @@
+
+policy_module(dkim, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+milter_template(dkim)
+
+# Type for the private key of dkim-filter
+type dkim_milter_private_key_t;
+files_type(dkim_milter_private_key_t)
+
+########################################
+#
+# Local policy
+#
+
+allow dkim_milter_t self:capability { setgid setuid };
+
+read_files_pattern(dkim_milter_t, dkim_milter_private_key_t, dkim_milter_private_key_t)
+
+kernel_read_kernel_sysctls(dkim_milter_t)
+
+dev_read_urand(dkim_milter_t)
+
+files_read_etc_files(dkim_milter_t)
+
+sysnet_dns_name_resolve(dkim_milter_t)
+
+mta_read_config(dkim_milter_t)

More information about the scm-commits mailing list