diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if index 70f6fdf..46037c0 100644 --- a/refpolicy/policy/modules/services/mta.if +++ b/refpolicy/policy/modules/services/mta.if @@ -476,6 +476,41 @@ interface(`mta_send_mail',` ######################################## ## <summary> +## Execute send mail in a specified domain. +## </summary> +## <desc> +## <p> +## Execute send mail in a specified domain. +## </p> +## <p> +## No interprocess communication (signals, pipes, +## etc.) is provided by this interface since +## the domains are not owned by this module. +## </p> +## </desc> +## <param name="source_domain"> +## <summary> +## Domain to transition from. +## </summary> +## </param> +## <param name="target_domain"> +## <summary> +## Domain to transition to. +## </summary> +## </param> +# +interface(`mta_sendmail_domtrans',` + gen_require(` + type sendmail_exec_t; + ') + + files_search_usr($1) + corecmd_read_sbin_symlinks($1) + domain_auto_trans($1,sendmail_exec_t,$2) +') + +######################################## +## <summary> ## Execute sendmail in the caller domain. ## </summary> ## <param name="domain"> @@ -484,12 +519,13 @@ interface(`mta_send_mail',` ## </summary> ## </param> # -interface(`mta_exec',` +interface(`mta_sendmail_exec',` gen_require(` type sendmail_exec_t; ') can_exec($1, sendmail_exec_t) + errprint(`bah $1'__endline__) ') ######################################## diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if index 6af71b9..28a0ca6 100644 --- a/refpolicy/policy/modules/services/sendmail.if +++ b/refpolicy/policy/modules/services/sendmail.if @@ -28,12 +28,10 @@ interface(`sendmail_stub',` # interface(`sendmail_domtrans',` gen_require(` - type sendmail_exec_t, sendmail_t; + type sendmail_t; ') - files_search_usr($1) - corecmd_search_sbin($1) - domain_auto_trans($1,sendmail_exec_t,sendmail_t) + mta_sendmail_domtrans($1,sendmail_t) allow $1 sendmail_t:fd use; allow sendmail_t $1:fd use;