From: domg472@gmail.com (Dominick Grift)
Date: Wed, 24 Feb 2010 13:00:42 +0100
Subject: [refpolicy] [ amavis patch 1/1] Various amavis fixes.
Message-ID: <20100224120039.GA4752@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Create amavis_initrc_domtrans.
Call amavis_initrc_domtrans from amavis_admin.
Remove obsolete require.
Allow domains to search bin to enable run amavis executable.

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 db18f31... 22523cd... M	policy/modules/services/amavis.if
 policy/modules/services/amavis.if |   22 ++++++++++++++++++++--
 1 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/policy/modules/services/amavis.if b/policy/modules/services/amavis.if
index db18f31..22523cd 100644
--- a/policy/modules/services/amavis.if
+++ b/policy/modules/services/amavis.if
@@ -18,11 +18,30 @@ interface(`amavis_domtrans',`
 		type amavis_t, amavis_exec_t;
 	')
 
+	corecmd_search_bin($1)
 	domtrans_pattern($1, amavis_exec_t, amavis_t)
 ')
 
 ########################################
 ## <summary>
+##	Execute amavis server in the amavis domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`amavis_initrc_domtrans',`
+	gen_require(`
+		type afs_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, amavis_initrc_exec_t)
+')
+
+########################################
+## <summary>
 ##	Read amavis spool files.
 ## </summary>
 ## <param name="domain">
@@ -209,13 +228,12 @@ interface(`amavis_admin',`
 		type amavis_t, amavis_tmp_t, amavis_var_log_t;
 		type amavis_spool_t, amavis_var_lib_t, amavis_var_run_t;
 		type amavis_etc_t, amavis_quarantine_t;
- 		type amavis_initrc_exec_t;
 	')
 
 	allow $1 amavis_t:process { ptrace signal_perms };
 	ps_process_pattern($1, amavis_t)
 
-	init_labeled_script_domtrans($1, amavis_initrc_exec_t)
+	amavis_initrc_domtrans($1)
  	domain_system_change_exemption($1)
  	role_transition $2 amavis_initrc_exec_t system_r;
  	allow $2 system_r;
-- 
1.6.6.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100224/282db56f/attachment.bin