authorChris PeBenito <cpebenito@tresys.com>2009-09-17 09:12:33 -0400
committerChris PeBenito <cpebenito@tresys.com>2009-09-17 09:12:33 -0400
commit5a6b1fe2b4a1cd69b0c8c54772b88fdf9201c3be (patch)
tree4caee7130911998be6be72808445ba5287cd90a7
parent21b1d1096fbcc97438898b8e75e35e015e6bbda6 (diff)
add dkim from stefan schulze frielinghaus.
-rw-r--r--Changelog1
-rw-r--r--policy/modules/services/dkim.fc9
-rw-r--r--policy/modules/services/dkim.if1
-rw-r--r--policy/modules/services/dkim.te32
4 files changed, 43 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index a618ed28..8bb11814 100644
--- a/Changelog
+++ b/Changelog
@@ -10,6 +10,7 @@
- Add missing compatibility aliases for xdm_xserver*_t types.
- Added modules:
abrt (Dan Walsh)
+ dkim (Stefan Schulze Frielinghaus)
gitosis (Miroslav Grepl)
gnomeclock (Dan Walsh)
hddtemp (Dan Walsh)
diff --git a/policy/modules/services/dkim.fc b/policy/modules/services/dkim.fc
new file mode 100644
index 00000000..dc1056c5
--- /dev/null
+++ b/policy/modules/services/dkim.fc
@@ -0,0 +1,9 @@
+/etc/mail/dkim-milter/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+
+/usr/sbin/dkim-filter -- gen_context(system_u:object_r:dkim_milter_exec_t,s0)
+
+/var/db/dkim(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+
+/var/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
+/var/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0)
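Review bot: The `/var/db/dkim(/.*)?` entry labels the whole directory tree as dkim_milter_private_key_t with no comment saying that it holds key material. Like the `/etc/mail/dkim-milter/keys(/.*)?` entry, it has no file-class field, so directories and symlinks under it get the key type as well. dkim.te in this commit grants the daemon only `read_files_pattern` on that type, so a key reached through a symlink, or any state the daemon writes under /var/db/dkim, would be denied; whether either happens is not visible here. A comment above the two entries, such as `# private signing keys: read-only for dkim_milter_t, regular files only`, would record the intent for whoever next relabels these paths.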
diff --git a/policy/modules/services/dkim.if b/policy/modules/services/dkim.if
new file mode 100644
index 00000000..32d108ad
--- /dev/null
+++ b/policy/modules/services/dkim.if
@@ -0,0 +1 @@
+## <summary>DomainKeys Identified Mail milter.</summary>
diff --git a/policy/modules/services/dkim.te b/policy/modules/services/dkim.te
new file mode 100644
index 00000000..7c01d0e1
--- /dev/null
+++ b/policy/modules/services/dkim.te
@@ -0,0 +1,32 @@
+
+policy_module(dkim, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+milter_template(dkim)
+
+# Type for the private key of dkim-filter
+type dkim_milter_private_key_t;
+files_type(dkim_milter_private_key_t)
+
+########################################
+#
+# Local policy
+#
+
+allow dkim_milter_t self:capability { setgid setuid };
+
+read_files_pattern(dkim_milter_t, dkim_milter_private_key_t, dkim_milter_private_key_t)
+
+kernel_read_kernel_sysctls(dkim_milter_t)
+
+dev_read_urand(dkim_milter_t)
+
+files_read_etc_files(dkim_milter_t)
+
+sysnet_dns_name_resolve(dkim_milter_t)
+
+mta_read_config(dkim_milter_t)
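Review bot: The signing-key type is registered with plain `files_type(dkim_milter_private_key_t)`, which makes it an ordinary file type. Any domain that is granted read access to file types by attribute would presumably be able to read the DKIM private keys too. If this tree's files module provides it, `files_security_file(dkim_milter_private_key_t)` would mark the type as security-sensitive instead, as is usual for key and credential files. Separately, `allow dkim_milter_t self:capability { setgid setuid };` has no rationale; a comment such as `# switch to the configured unprivileged user after startup` (to be confirmed against the daemon) would show why the two capabilities are needed.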