# # Macros for spamassassin domains. # # Author: Colin Walters # spamassassin_domain(domain_prefix) # # Define derived domains for various spamassassin tools when executed # by a user domain. # # The type declarations for the executable types of these programs are # provided separately in domains/program/spamassassin.te and # domains/program/spamc.te. # undefine(`spamassassin_domain') ifdef(`spamassassin.te', `define(`using_spamassassin', `')') ifdef(`spamd.te', `define(`using_spamassassin', `')') ifdef(`spamc.te', `define(`using_spamassassin', `')') ifdef(`using_spamassassin',` ####### # Macros used internally in these spamassassin macros. # ### # Define a domain for a spamassassin-like program (spamc/spamassassin). # # Note: most of this should really be in a generic macro like # base_user_program($1, foo) define(`spamassassin_program_domain',` type $1_$2_t, domain, privlog $3; domain_auto_trans($1_t, $2_exec_t, $1_$2_t) role $1_r types $1_$2_t; general_domain_access($1_$2_t) base_file_read_access($1_$2_t) r_dir_file($1_$2_t, etc_t) ifdef(`sendmail.te', ` r_dir_file($1_$2_t, etc_mail_t) ') allow $1_$2_t etc_runtime_t:file r_file_perms; uses_shlib($1_$2_t) read_locale($1_$2_t) dontaudit $1_$2_t var_t:dir search; tmp_domain($1_$2) allow $1_$2_t privfd:fd use; allow $1_$2_t userpty_type:chr_file rw_file_perms; ') dnl end spamassassin_program_domain ### # Give privileges to a domain for accessing ~/.spamassassin # and a few other misc things like /dev/random. # This is granted to /usr/bin/spamassassin and # /usr/sbin/spamd, but NOT spamc (because it does not need it). # define(`spamassassin_agent_privs',` allow $1 home_root_t:dir r_dir_perms; file_type_auto_trans($1, $2_home_dir_t, $2_spamassassin_home_t) create_dir_file($1, $2_spamassassin_home_t) allow $1 urandom_device_t:chr_file r_file_perms; ') ####### # Define the main spamassassin macro. This itself creates a # domain for /usr/bin/spamassassin, and also spamc/spamd if # applicable. # define(`spamassassin_domain',` spamassassin_program_domain($1, spamassassin) # For perl libraries. allow $1_spamassassin_t lib_t:file rx_file_perms; # Ignore perl digging in /proc and /var. dontaudit $1_spamassassin_t proc_t:dir search; dontaudit $1_spamassassin_t proc_t:lnk_file read; dontaudit $1_spamassassin_t { sysctl_t sysctl_kernel_t }:dir search; # For ~/.spamassassin home_domain($1, spamassassin) file_type_auto_trans($1_spamassassin_t, $1_home_dir_t, $1_spamassassin_home_t, dir) spamassassin_agent_privs($1_spamassassin_t, $1) can_resolve($1_spamassassin_t) # set tunable if you give spamassassin full network access. if (spamassasin_can_network) { can_network($1_spamassassin_t) allow $1_spamassassin_t port_type:tcp_socket name_connect; } if (spamassasin_can_network && allow_ypbind) { uncond_can_ypbind($1_spamassassin_t) } ### # Define the domain for /usr/bin/spamc # ifdef(`spamc.te',` spamassassin_program_domain($1, spamc, `, nscd_client_domain') can_network($1_spamc_t) allow $1_spamc_t port_type:tcp_socket name_connect; can_ypbind($1_spamc_t) # Allow connecting to a local spamd ifdef(`spamd.te',` can_tcp_connect($1_spamc_t, spamd_t) can_unix_connect($1_spamc_t, spamd_t) allow $1_spamc_t spamd_tmp_t:sock_file rw_file_perms; ') dnl endif spamd.te ') dnl endif spamc.te ### # Define the domain for /usr/sbin/spamd # ifdef(`spamd.te',` spamassassin_agent_privs(spamd_t, $1) ') dnl endif spamd.te ') dnl end spamassassin_domain ', ` define(`spamassassin_domain',`') ')