/usr/share/selinux/ubuntu/include/services/sendmail.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 | ## <summary>Policy for sendmail.</summary>
########################################
## <summary>
## Sendmail stub interface. No access allowed.
## </summary>
## <param name="domain" unused="true">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sendmail_stub',`
gen_require(`
type sendmail_t;
')
')
########################################
## <summary>
## Domain transition to sendmail.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sendmail_domtrans',`
gen_require(`
type sendmail_t;
')
mta_sendmail_domtrans($1, sendmail_t)
allow $1 sendmail_t:fd use;
allow sendmail_t $1:fd use;
allow sendmail_t $1:fifo_file rw_file_perms;
allow sendmail_t $1:process sigchld;
')
########################################
## <summary>
## Send generic signals to sendmail.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sendmail_signal',`
gen_require(`
type sendmail_t;
')
allow $1 sendmail_t:process signal;
')
########################################
## <summary>
## Read and write sendmail TCP sockets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sendmail_rw_tcp_sockets',`
gen_require(`
type sendmail_t;
')
allow $1 sendmail_t:tcp_socket { read write };
')
########################################
## <summary>
## Read and write sendmail unix_stream_sockets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sendmail_rw_unix_stream_sockets',`
gen_require(`
type sendmail_t;
')
allow $1 sendmail_t:unix_stream_socket { read write };
')
########################################
## <summary>
## Read sendmail logs.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`sendmail_read_log',`
gen_require(`
type sendmail_log_t;
')
logging_search_logs($1)
read_files_pattern($1, sendmail_log_t, sendmail_log_t)
')
########################################
## <summary>
## Create, read, write, and delete sendmail logs.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`sendmail_manage_log',`
gen_require(`
type sendmail_log_t;
')
logging_search_logs($1)
manage_files_pattern($1, sendmail_log_t, sendmail_log_t)
')
########################################
## <summary>
## Create sendmail logs with the correct type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sendmail_create_log',`
gen_require(`
type sendmail_log_t;
')
logging_log_filetrans($1, sendmail_log_t, file)
')
|