From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 15 Dec 2016 22:06:20 +0100
Subject: [refpolicy] [PATCH] Make several calls to mta interfaces optional
Message-ID: <1481835980.24835.4.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
Make several calls to mta interfaces optional policy.
Signed-off-by: Guido Trentalancia
---
 policy/modules/contrib/arpwatch.te | 4 +++-
 policy/modules/contrib/cvs.te | 6 ++++--
 policy/modules/contrib/fail2ban.te | 6 ++++--
 policy/modules/contrib/mojomojo.te | 4 +++-
 policy/modules/contrib/nagios.te | 8 +++++---
 policy/modules/contrib/nut.te | 4 +++-
 policy/modules/contrib/smokeping.te | 6 ++++--
 7 files changed, 26 insertions(+), 12 deletions(-)
diff -pru a/policy/modules/contrib/arpwatch.te b/policy/modules/contrib/arpwatch.te
--- a/policy/modules/contrib/arpwatch.te 2016-10-29 16:29:19.662325285 +0200
+++ b/policy/modules/contrib/arpwatch.te 2016-12-15 21:15:19.541555771 +0100
@@ -74,7 +74,9 @@ miscfiles_read_localization(arpwatch_t)
 userdom_dontaudit_search_user_home_dirs(arpwatch_t)
 userdom_dontaudit_use_unpriv_user_fds(arpwatch_t)
-mta_send_mail(arpwatch_t)
+optional_policy(`
+ mta_send_mail(arpwatch_t)
+')
 optional_policy(`
 seutil_sigchld_newrole(arpwatch_t)
diff -pru a/policy/modules/contrib/cvs.te b/policy/modules/contrib/cvs.te
--- a/policy/modules/contrib/cvs.te 2016-08-14 21:28:11.474519297 +0200
+++ b/policy/modules/contrib/cvs.te 2016-12-15 21:18:39.993733559 +0100
@@ -91,8 +91,6 @@ logging_send_audit_msgs(cvs_t)
 miscfiles_read_localization(cvs_t)
-mta_send_mail(cvs_t)
-
 userdom_dontaudit_search_user_home_dirs(cvs_t)
 # cjp: typeattribute doesnt work in conditionals yet
@@ -109,6 +107,10 @@ optional_policy(`
 kerberos_dontaudit_write_config(cvs_t)
 ')
+optional_policy(`
+ mta_send_mail(cvs_t)
+')
+
 ########################################
 #
 # CVSWeb local policy
diff -pru a/policy/modules/contrib/fail2ban.te b/policy/modules/contrib/fail2ban.te
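Review bot: None of the new `optional_policy` blocks carries a comment saying why the mail permission may now be absent, and the commit message gives no rationale either; this applies to the arpwatch.te hunk and equally to the cvs.te, fail2ban.te, mojomojo.te, nut.te and smokeping.te hunks. When the mta module is left out of the build, these domains lose `mta_send_mail` without any build-time signal. For alerting daemons such as arpwatch, fail2ban and nut's upsmon that presumably means notification mail is denied in enforcing mode, with only AVC records to show it. A one-line comment inside each block, e.g. `# Notification mail; not granted when the mta module is absent.`, would make that trade-off visible to whoever audits the policy later.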
--- a/policy/modules/contrib/fail2ban.te 2016-08-14 21:28:11.486519481 +0200
+++ b/policy/modules/contrib/fail2ban.te 2016-12-15 21:20:06.429675340 +0100
@@ -99,8 +99,6 @@ miscfiles_read_localization(fail2ban_t)
 sysnet_manage_config(fail2ban_t)
 sysnet_etc_filetrans_config(fail2ban_t)
-mta_send_mail(fail2ban_t)
-
 optional_policy(`
 apache_read_log(fail2ban_t)
 ')
@@ -118,6 +116,10 @@ optional_policy(`
 ')
 optional_policy(`
+ mta_send_mail(fail2ban_t)
+')
+
+optional_policy(`
 shorewall_domtrans(fail2ban_t)
 ')
diff -pru a/policy/modules/contrib/mojomojo.te b/policy/modules/contrib/mojomojo.te
--- a/policy/modules/contrib/mojomojo.te 2016-08-14 21:28:11.520520004 +0200
+++ b/policy/modules/contrib/mojomojo.te 2016-12-15 21:14:25.131966201 +0100
@@ -22,4 +22,6 @@ files_search_var_lib(httpd_mojomojo_scri
 sysnet_dns_name_resolve(httpd_mojomojo_script_t)
-mta_send_mail(httpd_mojomojo_script_t)
+optional_policy(`
+ mta_send_mail(httpd_mojomojo_script_t)
+')
diff -pru a/policy/modules/contrib/nagios.te b/policy/modules/contrib/nagios.te
--- a/policy/modules/contrib/nagios.te 2016-08-14 21:28:11.525520081 +0200
+++ b/policy/modules/contrib/nagios.te 2016-12-15 21:25:16.399065452 +0100
@@ -158,9 +158,11 @@ miscfiles_read_localization(nagios_t)
 userdom_dontaudit_use_unpriv_user_fds(nagios_t)
 userdom_dontaudit_search_user_home_dirs(nagios_t)
-mta_send_mail(nagios_t)
-mta_signal_system_mail(nagios_t)
-mta_kill_system_mail(nagios_t)
+optional_policy(`
+ mta_send_mail(nagios_t)
+ mta_signal_system_mail(nagios_t)
+ mta_kill_system_mail(nagios_t)
+')
 optional_policy(`
 netutils_kill_ping(nagios_t)
diff -pru a/policy/modules/contrib/nut.te b/policy/modules/contrib/nut.te
--- a/policy/modules/contrib/nut.te 2016-08-14 21:28:11.530520158 +0200
+++ b/policy/modules/contrib/nut.te 2016-12-15 21:26:09.709650446 +0100
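Review bot: In the nagios.te hunk, `mta_signal_system_mail(nagios_t)` and `mta_kill_system_mail(nagios_t)` are carried into the new block next to `mta_send_mail(nagios_t)` with no comment on why a monitoring daemon needs to signal and kill the system mail domain. Going by the interface names, these are process-control permissions rather than mail delivery, so a least-privilege audit will want a stated reason for them. Since the lines are being rewritten anyway, a comment above the two calls such as `# nagios signals/kills system mail processes: <reason, to be filled in by the author>` would document it. Keeping all three calls in one block looks fine, since they all carry the mta prefix and so presumably depend on the same module.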
@@ -116,7 +116,9 @@ term_write_all_terms(nut_upsmon_t)
 auth_use_nsswitch(nut_upsmon_t)
-mta_send_mail(nut_upsmon_t)
+optional_policy(`
+ mta_send_mail(nut_upsmon_t)
+')
 optional_policy(`
 shutdown_domtrans(nut_upsmon_t)
diff -pru a/policy/modules/contrib/smokeping.te b/policy/modules/contrib/smokeping.te
--- a/policy/modules/contrib/smokeping.te 2016-08-14 21:28:11.572520803 +0200
+++ b/policy/modules/contrib/smokeping.te 2016-12-15 21:21:00.183261822 +0100
@@ -49,10 +49,12 @@ logging_send_syslog_msg(smokeping_t)
 miscfiles_read_localization(smokeping_t)
-mta_send_mail(smokeping_t)
-
 netutils_domtrans_ping(smokeping_t)
+optional_policy(`
+ mta_send_mail(smokeping_t)
+')
+
 #######################################
 #
 # Cgi local policy