[gentoo-commits] proj/hardened-refpolicy:mailinfra commit in: policy/modules/contrib/

Sven Vermeulen Sun, 24 Aug 2014 01:03:08 -0700

commit:     d79c9c8d3840afdece3a9b93b5d426d611e14819
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat Aug 23 19:16:31 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Aug 23 19:16:31 2014 +0000
URL:        
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=d79c9c8d


Use postfix_user_sendmail_privs

---
 policy/modules/contrib/mail.te | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/policy/modules/contrib/mail.te b/policy/modules/contrib/mail.te
index 68af687..aad451d 100644
--- a/policy/modules/contrib/mail.te
+++ b/policy/modules/contrib/mail.te
@@ -68,18 +68,5 @@ miscfiles_read_localization(user_sendmail_t)
 
 # Postfix implementation specifics
 ifdef(`use_postfix',`
-       # TODO Bring this into a postfix_sendmail_privs interface
-       allow user_sendmail_t self:process { setrlimit };
-       allow user_sendmail_t self:tcp_socket create_socket_perms;
-       allow user_sendmail_t self:unix_dgram_socket create_socket_perms;
-
-       kernel_read_network_state(user_sendmail_t)
-
-       auth_use_nsswitch(user_sendmail_t)
-
-       logging_send_syslog_msg(user_sendmail_t)
-
-       postfix_domtrans_postdrop(user_sendmail_t)
-       postfix_read_config(user_sendmail_t)
-       postfix_read_spool_files(user_sendmail_t)
+       postfix_user_sendmail_privs(user_sendmail_t)
 ')

[gentoo-commits] proj/hardened-refpolicy:mailinfra commit in: policy/modules/contrib/

Reply via email to