* [refpolicy] services_mta.patch
@ 2008-10-14 20:31 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2008-10-14 20:31 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_mta.patch
Remove ifdef postfix.te
system_mail_t needs to work with exim and uucp
Handle nfs home dirs
Append to mail_spool
Can exec other mail executables
Needs fowner
Can use fifo files to communicate with itself.
Reads tmp files
Reads sysfs
sendmail >> log file is common
Handle nfs and samba for mailserver_delivery apps.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkj1AYUACgkQrlYvE4MpobPluQCbByB7AwwXYhYlPYqbwcVBrWnl
DTIAnjIDvCUXZVYgDRf6uuI7SfA3LYRc
=qmPI
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_mta.patch
@ 2009-03-24 13:46 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2009-03-24 13:46 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_mta.patch
Lots of fixes for mta interfaces
system_mail_t needs fowner and uses fifo files
Mailers are always reading /tmp files
Mailers user inodify and inodefs
I allow system mail to be appended to all logs since confined domains
are constantly redirecting stdout/stderr to log files
system_mail can be sent from apache_bugzill dirs
Gets executed from cron with redirection to cron pipes
add courier/exim mail
If you are a mailserver_delivery you need to write to users homedirs.
(nfs, cifs)
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_mta.patch
@ 2009-06-09 0:45 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2009-06-09 0:45 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_mta.patch
Add label for mailx and courier/bin/sendmail, and esmtp, ssmtp
Add labeling for mail_forward files
Update interfaces for newwer domains.
Lots of minor fixes to run other executables under the system_mail type.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_mta.patch
@ 2009-11-12 21:40 Daniel J Walsh
2010-01-07 14:49 ` Christopher J. PeBenito
0 siblings, 1 reply; 7+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:40 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_mta.patch
Policy for ~/.forward
mail reads system state
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_mta.patch
2009-11-12 21:40 Daniel J Walsh
@ 2010-01-07 14:49 ` Christopher J. PeBenito
0 siblings, 0 replies; 7+ messages in thread
From: Christopher J. PeBenito @ 2010-01-07 14:49 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 16:40 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_mta.patch
>
> Policy for ~/.forward
>
> mail reads system state
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_mta.patch
@ 2010-02-23 21:51 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-02-23 21:51 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_mta.patch
+ mta_dontaudit_leaks_system_mail(nrpe_t)
+ mta_signal(httpd_t)
+ mta_list_queue(munin_t)
Lots of access for system_mail_t
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_mta.patch
@ 2010-08-26 22:35 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-08-26 22:35 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_mta.patch
Change mail_forward_t to mail_home_t and add dead.letter
Other fixes to handle leaks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx27BcACgkQrlYvE4MpobMj4ACgyGPRt486iFwXWXSymOvM1jub
npoAoMr6j+9kR/7CqKgiSpOBRgObcs4/
=9VH0
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-08-26 22:35 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-06-09 0:45 [refpolicy] services_mta.patch Daniel J Walsh
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 22:35 Daniel J Walsh
2010-02-23 21:51 Daniel J Walsh
2009-11-12 21:40 Daniel J Walsh
2010-01-07 14:49 ` Christopher J. PeBenito
2009-03-24 13:46 Daniel J Walsh
2008-10-14 20:31 Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.