From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 12 Apr 2018 19:08:14 -0400
Subject: [refpolicy] [PATCH 5/6] mta: Add msmtp fcontexts and allow ssl
	certs
In-Reply-To: <20180412113806.2256-5-jason@perfinion.com>
References: <20180412113806.2256-1-jason@perfinion.com>
	<20180412113806.2256-5-jason@perfinion.com>
Message-ID: <a090ae03-c273-2dad-d3d1-9f7fce2a5e4a@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/12/2018 07:38 AM, Jason Zaman wrote:
> ---
>   mta.fc | 3 +++
>   mta.te | 1 +
>   2 files changed, 4 insertions(+)
> 
> diff --git a/mta.fc b/mta.fc
> index ace4a1f..66634b0 100644
> --- a/mta.fc
> +++ b/mta.fc
> @@ -2,6 +2,7 @@ HOME_DIR/\.esmtp_queue	--	gen_context(system_u:object_r:mail_home_t,s0)
>   HOME_DIR/\.forward[^/]*	--	gen_context(system_u:object_r:mail_home_t,s0)
>   HOME_DIR/dead\.letter	--	gen_context(system_u:object_r:mail_home_t,s0)
>   HOME_DIR/\.mailrc	--	gen_context(system_u:object_r:mail_home_t,s0)
> +HOME_DIR/\.msmtprc	--	gen_context(system_u:object_r:mail_home_t,s0)
>   HOME_DIR/Maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
>   HOME_DIR/DovecotMail(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
>   HOME_DIR/\.maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
> @@ -10,10 +11,12 @@ HOME_DIR/\.maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
>   /etc/aliases\.db	--	gen_context(system_u:object_r:etc_aliases_t,s0)
>   /etc/mail(/.*)?	gen_context(system_u:object_r:etc_mail_t,s0)
>   /etc/mail/aliases.*	--	gen_context(system_u:object_r:etc_aliases_t,s0)
> +/etc/msmtprc		--	gen_context(system_u:object_r:etc_mail_t,s0)
>   /etc/postfix/aliases.*	--	gen_context(system_u:object_r:etc_aliases_t,s0)
>   
>   /usr/bin/esmtp	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
>   /usr/bin/mail(x)?	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
> +/usr/bin/msmtp	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
>   /usr/bin/rmail	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
>   /usr/bin/sendmail\.postfix	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
>   /usr/bin/sendmail(\.sendmail)?	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
> diff --git a/mta.te b/mta.te
> index 6320c52..b02ee2b 100644
> --- a/mta.te
> +++ b/mta.te
> @@ -109,6 +109,7 @@ init_dontaudit_rw_utmp(user_mail_domain)
>   
>   logging_send_syslog_msg(user_mail_domain)
>   
> +miscfiles_read_all_certs(user_mail_domain)
>   miscfiles_read_localization(user_mail_domain)
>   
>   tunable_policy(`use_samba_home_dirs',`

Merged.

-- 
Chris PeBenito