From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 15 Dec 2016 22:06:20 +0100
Subject: [refpolicy] [PATCH] Make several calls to mta interfaces optional
Message-ID: <1481835980.24835.4.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Make several calls to mta interfaces optional policy.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/arpwatch.te  |    4 +++-
 policy/modules/contrib/cvs.te       |    6 ++++--
 policy/modules/contrib/fail2ban.te  |    6 ++++--
 policy/modules/contrib/mojomojo.te  |    4 +++-
 policy/modules/contrib/nagios.te    |    8 +++++---
 policy/modules/contrib/nut.te       |    4 +++-
 policy/modules/contrib/smokeping.te |    6 ++++--
 7 files changed, 26 insertions(+), 12 deletions(-)

diff -pru a/policy/modules/contrib/arpwatch.te b/policy/modules/contrib/arpwatch.te
--- a/policy/modules/contrib/arpwatch.te	2016-10-29 16:29:19.662325285 +0200
+++ b/policy/modules/contrib/arpwatch.te	2016-12-15 21:15:19.541555771 +0100
@@ -74,7 +74,9 @@ miscfiles_read_localization(arpwatch_t)
 userdom_dontaudit_search_user_home_dirs(arpwatch_t)
 userdom_dontaudit_use_unpriv_user_fds(arpwatch_t)
 
-mta_send_mail(arpwatch_t)
+optional_policy(`
+	mta_send_mail(arpwatch_t)
+')
 
 optional_policy(`
 	seutil_sigchld_newrole(arpwatch_t)
diff -pru a/policy/modules/contrib/cvs.te b/policy/modules/contrib/cvs.te
--- a/policy/modules/contrib/cvs.te	2016-08-14 21:28:11.474519297 +0200
+++ b/policy/modules/contrib/cvs.te	2016-12-15 21:18:39.993733559 +0100
@@ -91,8 +91,6 @@ logging_send_audit_msgs(cvs_t)
 
 miscfiles_read_localization(cvs_t)
 
-mta_send_mail(cvs_t)
-
 userdom_dontaudit_search_user_home_dirs(cvs_t)
 
 # cjp: typeattribute doesnt work in conditionals yet
@@ -109,6 +107,10 @@ optional_policy(`
 	kerberos_dontaudit_write_config(cvs_t)
 ')
 
+optional_policy(`
+	mta_send_mail(cvs_t)
+')
+
 ########################################
 #
 # CVSWeb local policy
diff -pru a/policy/modules/contrib/fail2ban.te b/policy/modules/contrib/fail2ban.te
--- a/policy/modules/contrib/fail2ban.te	2016-08-14 21:28:11.486519481 +0200
+++ b/policy/modules/contrib/fail2ban.te	2016-12-15 21:20:06.429675340 +0100
@@ -99,8 +99,6 @@ miscfiles_read_localization(fail2ban_t)
 sysnet_manage_config(fail2ban_t)
 sysnet_etc_filetrans_config(fail2ban_t)
 
-mta_send_mail(fail2ban_t)
-
 optional_policy(`
 	apache_read_log(fail2ban_t)
 ')
@@ -118,6 +116,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	mta_send_mail(fail2ban_t)
+')
+
+optional_policy(`
 	shorewall_domtrans(fail2ban_t)
 ')
 
diff -pru a/policy/modules/contrib/mojomojo.te b/policy/modules/contrib/mojomojo.te
--- a/policy/modules/contrib/mojomojo.te	2016-08-14 21:28:11.520520004 +0200
+++ b/policy/modules/contrib/mojomojo.te	2016-12-15 21:14:25.131966201 +0100
@@ -22,4 +22,6 @@ files_search_var_lib(httpd_mojomojo_scri
 
 sysnet_dns_name_resolve(httpd_mojomojo_script_t)
 
-mta_send_mail(httpd_mojomojo_script_t)
+optional_policy(`
+	mta_send_mail(httpd_mojomojo_script_t)
+')
diff -pru a/policy/modules/contrib/nagios.te b/policy/modules/contrib/nagios.te
--- a/policy/modules/contrib/nagios.te	2016-08-14 21:28:11.525520081 +0200
+++ b/policy/modules/contrib/nagios.te	2016-12-15 21:25:16.399065452 +0100
@@ -158,9 +158,11 @@ miscfiles_read_localization(nagios_t)
 userdom_dontaudit_use_unpriv_user_fds(nagios_t)
 userdom_dontaudit_search_user_home_dirs(nagios_t)
 
-mta_send_mail(nagios_t)
-mta_signal_system_mail(nagios_t)
-mta_kill_system_mail(nagios_t)
+optional_policy(`
+	mta_send_mail(nagios_t)
+	mta_signal_system_mail(nagios_t)
+	mta_kill_system_mail(nagios_t)
+')
 
 optional_policy(`
 	netutils_kill_ping(nagios_t)
diff -pru a/policy/modules/contrib/nut.te b/policy/modules/contrib/nut.te
--- a/policy/modules/contrib/nut.te	2016-08-14 21:28:11.530520158 +0200
+++ b/policy/modules/contrib/nut.te	2016-12-15 21:26:09.709650446 +0100
@@ -116,7 +116,9 @@ term_write_all_terms(nut_upsmon_t)
 
 auth_use_nsswitch(nut_upsmon_t)
 
-mta_send_mail(nut_upsmon_t)
+optional_policy(`
+	mta_send_mail(nut_upsmon_t)
+')
 
 optional_policy(`
 	shutdown_domtrans(nut_upsmon_t)
diff -pru a/policy/modules/contrib/smokeping.te b/policy/modules/contrib/smokeping.te
--- a/policy/modules/contrib/smokeping.te	2016-08-14 21:28:11.572520803 +0200
+++ b/policy/modules/contrib/smokeping.te	2016-12-15 21:21:00.183261822 +0100
@@ -49,10 +49,12 @@ logging_send_syslog_msg(smokeping_t)
 
 miscfiles_read_localization(smokeping_t)
 
-mta_send_mail(smokeping_t)
-
 netutils_domtrans_ping(smokeping_t)
 
+optional_policy(`
+	mta_send_mail(smokeping_t)
+')
+
 #######################################
 #
 # Cgi local policy