[or-cvs] r20582: {projects} Add selinux module for gitweb's postfix. (in projects/misc-sysadmin: . selinux selinux/postfix)
mikeperry at seul.org
mikeperry at seul.org
Tue Sep 15 21:21:08 UTC 2009
Author: mikeperry
Date: 2009-09-15 17:21:08 -0400 (Tue, 15 Sep 2009)
New Revision: 20582
Added:
projects/misc-sysadmin/selinux/postfix/
projects/misc-sysadmin/selinux/postfix/githax_postfix.te
Modified:
projects/misc-sysadmin/00_CAPTAINS.LOG
Log:
Add selinux module for gitweb's postfix.
Modified: projects/misc-sysadmin/00_CAPTAINS.LOG
===================================================================
--- projects/misc-sysadmin/00_CAPTAINS.LOG 2009-09-15 20:36:35 UTC (rev 20581)
+++ projects/misc-sysadmin/00_CAPTAINS.LOG 2009-09-15 21:21:08 UTC (rev 20582)
@@ -18,7 +18,8 @@
- Installed pwgen
TODO:
- https://svn.torproject.org/svn/torperf/trunk/measurements-HOWTO
+ - https://svn.torproject.org/svn/torperf/trunk/measurements-HOWTO
+ - http://www.pixelbeat.org/scripts/timeout
SELinux:
- Enabled selinux targeted policy via /etc/sysconfig/selinux
Added: projects/misc-sysadmin/selinux/postfix/githax_postfix.te
===================================================================
--- projects/misc-sysadmin/selinux/postfix/githax_postfix.te (rev 0)
+++ projects/misc-sysadmin/selinux/postfix/githax_postfix.te 2009-09-15 21:21:08 UTC (rev 20582)
@@ -0,0 +1,14 @@
+module githax_postfix 1.0;
+
+require {
+ class capability { kill sys_module };
+ class file { append create execmod execute execute_no_trans getattr ioctl link lock read rename setattr unlink write };
+ type postfix_local_t;
+ type var_t;
+ type mail_spool_t;
+};
+
+
+#============= postfix_local_t ==============
+allow postfix_local_t mail_spool_t:file write;
+allow postfix_local_t var_t:file {getattr read};
More information about the tor-commits
mailing list