Tree - rpms/selinux-policy - CentOS Git server

rpms / selinux-policy

Blame policy/modules/services/milter.te

Blob History Raw

Chris PeBenito	b9e523
Chris PeBenito	0000b7	`policy_module(milter, 1.1.1)`
Chris PeBenito	b9e523
Chris PeBenito	b9e523	`########################################`
Chris PeBenito	b9e523	`#`
Chris PeBenito	b9e523	`# Declarations`
Chris PeBenito	b9e523	`#`
Chris PeBenito	b9e523
Chris PeBenito	b9e523	`# attributes common to all milters`
Chris PeBenito	b9e523	`attribute milter_domains;`
Chris PeBenito	b9e523	`attribute milter_data_type;`
Chris PeBenito	b9e523
Chris PeBenito	c9c0d8	`# currently-supported milters are milter-greylist, milter-regex and spamass-milter`
Chris PeBenito	c9c0d8	`milter_template(greylist)`
Chris PeBenito	b9e523	`milter_template(regex)`
Chris PeBenito	b9e523	`milter_template(spamass)`
Chris PeBenito	b9e523
Chris PeBenito	0cf1d5	`# Type for the spamass-milter home directory, under which spamassassin will`
Chris PeBenito	0cf1d5	`# store system-wide preferences, bayes databases etc. if not configured to`
Chris PeBenito	0cf1d5	`# use per-user configuration`
Chris PeBenito	0cf1d5	`type spamass_milter_state_t;`
Chris PeBenito	0cf1d5	`files_type(spamass_milter_state_t)`
Chris PeBenito	0cf1d5
Chris PeBenito	b9e523	`########################################`
Chris PeBenito	b9e523	`#`
Chris PeBenito	c9c0d8	`# milter-greylist local policy`
Chris PeBenito	c9c0d8	`# ensure smtp clients retry mail like real MTAs and not spamware`
Chris PeBenito	c9c0d8	`# http://hcpnet.free.fr/milter-greylist/`
Chris PeBenito	c9c0d8	`#`
Chris PeBenito	c9c0d8
Chris PeBenito	c9c0d8	`# It removes any existing socket (not owned by root) whilst running as root,`
Chris PeBenito	c9c0d8	`# fixes permissions, renices itself and then calls setgid() and setuid() to`
Chris PeBenito	c9c0d8	`# drop privileges`
Chris PeBenito	c9c0d8	`allow greylist_milter_t self:capability { chown dac_override setgid setuid sys_nice };`
Chris PeBenito	c9c0d8	`allow greylist_milter_t self:process { setsched getsched };`
Chris PeBenito	c9c0d8
Chris PeBenito	c9c0d8	`# It creates a pid file /var/run/milter-greylist.pid`
Chris PeBenito	c9c0d8	`files_pid_filetrans(greylist_milter_t, greylist_milter_data_t, file)`
Chris PeBenito	c9c0d8
Chris PeBenito	c9c0d8	`kernel_read_kernel_sysctls(greylist_milter_t)`
Chris PeBenito	c9c0d8
Chris PeBenito	c9c0d8	`# Allow the milter to read a GeoIP database in /usr/share`
Chris PeBenito	c9c0d8	`files_read_usr_files(greylist_milter_t)`
Chris PeBenito	c9c0d8	`# The milter runs from /var/lib/milter-greylist and maintains files there`
Chris PeBenito	26410d	`files_search_var_lib(greylist_milter_t)`
Chris PeBenito	c9c0d8
Chris PeBenito	c9c0d8	`# Look up username for dropping privs`
Chris PeBenito	c9c0d8	`auth_use_nsswitch(greylist_milter_t)`
Chris PeBenito	c9c0d8
Chris PeBenito	c9c0d8	`# Config is in /etc/mail/greylist.conf`
Chris PeBenito	c9c0d8	`mta_read_config(greylist_milter_t)`
Chris PeBenito	c9c0d8
Chris PeBenito	c9c0d8	`########################################`
Chris PeBenito	c9c0d8	`#`
Chris PeBenito	b9e523	`# milter-regex local policy`
Chris PeBenito	b9e523	`# filter emails using regular expressions`
Chris PeBenito	b9e523	`# http://www.benzedrine.cx/milter-regex.html`
Chris PeBenito	b9e523	`#`
Chris PeBenito	b9e523
Chris PeBenito	b9e523	`# It removes any existing socket (not owned by root) whilst running as root`
Chris PeBenito	b9e523	`# and then calls setgid() and setuid() to drop privileges`
Chris PeBenito	b9e523	`allow regex_milter_t self:capability { setuid setgid dac_override };`
Chris PeBenito	b9e523
Chris PeBenito	b9e523	`# The milter's socket directory lives under /var/spool`
Chris PeBenito	b9e523	`files_search_spool(regex_milter_t)`
Chris PeBenito	b9e523
Chris PeBenito	b9e523	`# Look up username for dropping privs`
Chris PeBenito	b9e523	`auth_use_nsswitch(regex_milter_t)`
Chris PeBenito	b9e523
Chris PeBenito	b9e523	`# Config is in /etc/mail/milter-regex.conf`
Chris PeBenito	b9e523	`mta_read_config(regex_milter_t)`
Chris PeBenito	b9e523
Chris PeBenito	b9e523	`########################################`
Chris PeBenito	b9e523	`#`
Chris PeBenito	b9e523	`# spamass-milter local policy`
Chris PeBenito	b9e523	`# pipe emails through SpamAssassin`
Chris PeBenito	b9e523	`# http://savannah.nongnu.org/projects/spamass-milt/`
Chris PeBenito	b9e523	`#`
Chris PeBenito	b9e523
Chris PeBenito	0cf1d5	`# The milter runs from /var/lib/spamass-milter`
Chris PeBenito	0cf1d5	`allow spamass_milter_t spamass_milter_state_t:dir search_dir_perms;`
Chris PeBenito	0cf1d5	`files_search_var_lib(spamass_milter_t)`
Chris PeBenito	0cf1d5
Chris PeBenito	b9e523	`kernel_read_system_state(spamass_milter_t)`
Chris PeBenito	b9e523
Chris PeBenito	b9e523	`# When used with -b or -B options, the milter invokes sendmail to send mail`
Chris PeBenito	b9e523	`# to a spamtrap address, using popen()`
Chris PeBenito	b9e523	`corecmd_exec_shell(spamass_milter_t)`
Chris PeBenito	b9e523	`corecmd_read_bin_symlinks(spamass_milter_t)`
Chris PeBenito	b9e523	`corecmd_search_bin(spamass_milter_t)`
Chris PeBenito	b9e523
Chris PeBenito	b9e523	`mta_send_mail(spamass_milter_t)`
Chris PeBenito	b9e523
Chris PeBenito	b9e523	`# The main job of the milter is to pipe spam through spamc and act on the result`
Chris PeBenito	b9e523	`spamassassin_domtrans_client(spamass_milter_t)`

rpms / selinux-policy

Source Code

Blame policy/modules/services/milter.te