rpms / selinux-policy

Clone
Source Code
GIT

Blame policy/modules/services/milter.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   b9e5238a242d909f604a56a7587c10a70d1a68bb
  2.   policy
  3.   modules
  4.   services
  5.   milter.te
Blob History Raw
Chris PeBenito b9e523
Chris PeBenito b9e523 
policy_module(milter, 1.0.0)
Chris PeBenito b9e523
Chris PeBenito b9e523 
########################################
Chris PeBenito b9e523 
#
Chris PeBenito b9e523 
# Declarations
Chris PeBenito b9e523 
#
Chris PeBenito b9e523
Chris PeBenito b9e523 
# attributes common to all milters
Chris PeBenito b9e523 
attribute milter_domains;
Chris PeBenito b9e523 
attribute milter_data_type;
Chris PeBenito b9e523
Chris PeBenito b9e523 
# currently-supported milters are milter-regex and spamass-milter
Chris PeBenito b9e523 
milter_template(regex)
Chris PeBenito b9e523 
milter_template(spamass)
Chris PeBenito b9e523
Chris PeBenito b9e523 
########################################
Chris PeBenito b9e523 
#
Chris PeBenito b9e523 
# milter-regex local policy
Chris PeBenito b9e523 
#   filter emails using regular expressions
Chris PeBenito b9e523 
#   http://www.benzedrine.cx/milter-regex.html
Chris PeBenito b9e523 
#
Chris PeBenito b9e523
Chris PeBenito b9e523 
# It removes any existing socket (not owned by root) whilst running as root
Chris PeBenito b9e523 
# and then calls setgid() and setuid() to drop privileges
Chris PeBenito b9e523 
allow regex_milter_t self:capability { setuid setgid dac_override };
Chris PeBenito b9e523
Chris PeBenito b9e523 
# The milter's socket directory lives under /var/spool
Chris PeBenito b9e523 
files_search_spool(regex_milter_t)
Chris PeBenito b9e523
Chris PeBenito b9e523 
# Look up username for dropping privs
Chris PeBenito b9e523 
auth_use_nsswitch(regex_milter_t)
Chris PeBenito b9e523
Chris PeBenito b9e523 
# Config is in /etc/mail/milter-regex.conf
Chris PeBenito b9e523 
mta_read_config(regex_milter_t)
Chris PeBenito b9e523
Chris PeBenito b9e523 
########################################
Chris PeBenito b9e523 
#
Chris PeBenito b9e523 
# spamass-milter local policy
Chris PeBenito b9e523 
#   pipe emails through SpamAssassin
Chris PeBenito b9e523 
#   http://savannah.nongnu.org/projects/spamass-milt/
Chris PeBenito b9e523 
#
Chris PeBenito b9e523
Chris PeBenito b9e523 
kernel_read_system_state(spamass_milter_t)
Chris PeBenito b9e523
Chris PeBenito b9e523 
# When used with -b or -B options, the milter invokes sendmail to send mail
Chris PeBenito b9e523 
# to a spamtrap address, using popen()
Chris PeBenito b9e523 
corecmd_exec_shell(spamass_milter_t)
Chris PeBenito b9e523 
corecmd_read_bin_symlinks(spamass_milter_t)
Chris PeBenito b9e523 
corecmd_search_bin(spamass_milter_t)
Chris PeBenito b9e523
Chris PeBenito b9e523 
mta_send_mail(spamass_milter_t)
Chris PeBenito b9e523
Chris PeBenito b9e523 
# The main job of the milter is to pipe spam through spamc and act on the result
Chris PeBenito b9e523 
spamassassin_domtrans_client(spamass_milter_t)

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation