diff options
author | Chris PeBenito <cpebenito@tresys.com> | 2009-09-17 09:12:33 -0400 |
---|---|---|
committer | Chris PeBenito <cpebenito@tresys.com> | 2009-09-17 09:12:33 -0400 |
commit | 5a6b1fe2b4a1cd69b0c8c54772b88fdf9201c3be (patch) | |
tree | 4caee7130911998be6be72808445ba5287cd90a7 | |
parent | 21b1d1096fbcc97438898b8e75e35e015e6bbda6 (diff) |
add dkim from stefan schulze frielinghaus.
-rw-r--r-- | Changelog | 1 | ||||
-rw-r--r-- | policy/modules/services/dkim.fc | 9 | ||||
-rw-r--r-- | policy/modules/services/dkim.if | 1 | ||||
-rw-r--r-- | policy/modules/services/dkim.te | 32 |
4 files changed, 43 insertions, 0 deletions
@@ -10,6 +10,7 @@ - Add missing compatibility aliases for xdm_xserver*_t types. - Added modules: abrt (Dan Walsh) + dkim (Stefan Schulze Frielinghaus) gitosis (Miroslav Grepl) gnomeclock (Dan Walsh) hddtemp (Dan Walsh) diff --git a/policy/modules/services/dkim.fc b/policy/modules/services/dkim.fc new file mode 100644 index 00000000..dc1056c5 --- /dev/null +++ b/policy/modules/services/dkim.fc @@ -0,0 +1,9 @@ +/etc/mail/dkim-milter/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0) + +/usr/sbin/dkim-filter -- gen_context(system_u:object_r:dkim_milter_exec_t,s0) + +/var/db/dkim(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0) + +/var/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0) +/var/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0) +/var/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0) diff --git a/policy/modules/services/dkim.if b/policy/modules/services/dkim.if new file mode 100644 index 00000000..32d108ad --- /dev/null +++ b/policy/modules/services/dkim.if @@ -0,0 +1 @@ +## <summary>DomainKeys Identified Mail milter.</summary> diff --git a/policy/modules/services/dkim.te b/policy/modules/services/dkim.te new file mode 100644 index 00000000..7c01d0e1 --- /dev/null +++ b/policy/modules/services/dkim.te @@ -0,0 +1,32 @@ + +policy_module(dkim, 1.0.0) + +######################################## +# +# Declarations +# + +milter_template(dkim) + +# Type for the private key of dkim-filter +type dkim_milter_private_key_t; +files_type(dkim_milter_private_key_t) + +######################################## +# +# Local policy +# + +allow dkim_milter_t self:capability { setgid setuid }; + +read_files_pattern(dkim_milter_t, dkim_milter_private_key_t, dkim_milter_private_key_t) + +kernel_read_kernel_sysctls(dkim_milter_t) + +dev_read_urand(dkim_milter_t) + +files_read_etc_files(dkim_milter_t) + +sysnet_dns_name_resolve(dkim_milter_t) + +mta_read_config(dkim_milter_t) |