From: icon@fedoraproject.org (Konstantin Ryabitsev)
Date: Mon, 13 Feb 2012 10:22:24 -0500
Subject: [refpolicy] [PATCH] Allow gitolite to send mail
Message-ID: <1329146544.13544.7.camel@i5.mricon.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

One of the most commonly used hooks in gitolite is the ability to invoke sendmail to send out notifications whenever someone commits to a repository. This sets up a tunable policy that preserves current behaviour (not allowed to send mail) unless gitosis_can_sendmail is set to true.

--- gitosis.te | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/gitosis.te b/gitosis.te index 8bcd98d..33e6737 100644 --- a/gitosis.te +++ b/gitosis.te @@ -39,3 +39,10 @@ files_search_var_lib(gitosis_t) miscfiles_read_localization(gitosis_t) sysnet_read_config(gitosis_t) + +gen_tunable(gitosis_can_sendmail, false) + +tunable_policy(`gitosis_can_sendmail',` + mta_send_mail(gitosis_t) +') + -- 1.7.7.6

--
Konstantin Ryabitsev
Systems Administrator
The Linux Foundation
Montréal, Québec
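Review bot: gen_tunable(gitosis_can_sendmail, false) is added with no description comment above it; refpolicy tunables are normally preceded by a "## <desc> ... </desc>" block, which is where the boolean's documentation comes from, so please add one saying that it allows gitosis_t to send mail. The declaration is also appended after sysnet_read_config(gitosis_t) in the policy body, whereas tunables are conventionally declared in the declarations section at the top of the .te file, with only the tunable_policy block left down here. The final added line is an empty "+" after "')" with no context following it, which looks like a new blank line at the end of the file and can be dropped. Defaulting the tunable to false is the right call, since mta_send_mail(gitosis_t) stays off unless an administrator opts in.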