Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 232606 - allow cyrus-imapd to send emails
Summary: allow cyrus-imapd to send emails
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-16 12:35 UTC by Kostas Georgiou
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-03-20 15:54:25 UTC


Attachments (Terms of Use)

Description Kostas Georgiou 2007-03-16 12:35:08 UTC
To allow cyrus-imapd to send emails (a sieve reject rule for example) the
following module is needed.

module mycyrusimapd 1.0.8;

require {
  class dir { getattr search add_name read remove_name write };
  class file { read getattr create lock rename unlink write execute
execute_no_trans };
  class lnk_file read;
  type cyrus_t;
  type etc_mail_t;
  type mqueue_spool_t;
  type sendmail_exec_t;
  type sbin_t;
  role system_r;
};

allow cyrus_t sbin_t:dir search;
allow cyrus_t sbin_t:lnk_file read;
allow cyrus_t etc_mail_t:dir { getattr search };
allow cyrus_t etc_mail_t:file { getattr read };
allow cyrus_t mqueue_spool_t:dir { add_name getattr read remove_name search write };
allow cyrus_t mqueue_spool_t:file { create getattr lock read rename unlink write };
allow cyrus_t sendmail_exec_t:file { execute read execute_no_trans };

Comment 1 Daniel Walsh 2007-03-20 15:39:58 UTC
mta_send_mail(cyrus_t)
 Would have been a better interface to use.

selinux-policy-2.4.6-46.fc6

Comment 2 Kostas Georgiou 2007-03-20 15:54:25 UTC
Thanks, I wasn't even aware that mta_send_mail() existed until now :) I have to
read the docs at some point I guess ;P


Note You need to log in before you can comment on or make changes to this bug.