From 8c6292b7a47511ba2f172e68b1ce20084ae34a9b Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Jun 24 2008 13:21:35 +0000
Subject: trunk: Patch to handle postfix data_directory from Vaclav Ovsik.
---
diff --git a/Changelog b/Changelog
index bfe3d71..1c51524 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Patch to handle postfix data_directory from Vaclav Ovsik.
 - SE-Postgresql policy from KaiGai Kohei.
 - Patch for X.org dbus support from Martin Orr.
 - Patch for labeled networking controls in 2.6.25 from Paul Moore.
diff --git a/policy/modules/services/postfix.fc b/policy/modules/services/postfix.fc
index b85afac..55e62d2 100644
--- a/policy/modules/services/postfix.fc
+++ b/policy/modules/services/postfix.fc
@@ -43,6 +43,9 @@ ifdef(`distro_redhat', `
 /usr/sbin/postmap -- gen_context(system_u:object_r:postfix_map_exec_t,s0)
 /usr/sbin/postqueue -- gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
 /usr/sbin/postsuper -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
+
+/var/lib/postfix(/.*)? gen_context(system_u:object_r:postfix_data_t,s0)
+
 /var/spool/postfix(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0)
 /var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
 /var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0)
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index 1c9e0b2..fcd74c8 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -1,5 +1,5 @@
-policy_module(postfix,1.8.0)
+policy_module(postfix, 1.8.1)
 ########################################
 #
@@ -83,6 +83,10 @@ files_type(postfix_public_t)
 type postfix_var_run_t;
 files_pid_file(postfix_var_run_t)
+# the data_directory config parameter
+type postfix_data_t;
+files_type(postfix_data_t)
+
 postfix_server_domain_template(virtual)
 mta_mailserver_delivery(postfix_virtual_t)
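Review bot: The comment on the new type in the `@@ -83,6 +83,10 @@` hunk, `# the data_directory config parameter`, does not say that the label only reaches the one path hard-coded in postfix.fc (`/var/lib/postfix(/.*)?`). data_directory is a main.cf setting, so a site that points it elsewhere would need its own local file context. An upgraded host whose files predate this policy would presumably keep the old label until the tree is relabeled. I would expand the comment to something like `# Postfix-writable state under data_directory; labeled only at /var/lib/postfix in postfix.fc, relocated directories need a local file context`.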
@@ -104,6 +108,9 @@ allow postfix_master_t postfix_etc_t:file rw_file_perms;
 can_exec(postfix_master_t,postfix_exec_t)
+allow postfix_master_t postfix_data_t:dir manage_dir_perms;
+allow postfix_master_t postfix_data_t:file manage_file_perms;
+
 allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock };
 allow postfix_master_t postfix_postdrop_exec_t:file getattr;
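Review bot: The two added rules give postfix_master_t the widest directory grant available, `manage_dir_perms`, which adds creating, renaming and removing directories on top of adding and removing entries. If master only creates and unlinks files inside an existing data directory (not confirmable from this hunk), `allow postfix_master_t postfix_data_t:dir rw_dir_perms;` would be the tighter fit, with `manage_file_perms` kept on the file class. Separately, postfix_master_t is the only domain given access to postfix_data_t in the visible lines. If other Postfix daemons keep state under data_directory (presumably caches and PRNG exchange files, worth checking against the Postfix documentation), they need their own narrowly scoped rules elsewhere in postfix.te, or they will be denied under enforcing mode.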