From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1019378-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id DF5421382C5
	for <garchives@archives.gentoo.org>; Sun, 22 Apr 2018 12:00:54 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 0E2DFE091F;
	Sun, 22 Apr 2018 12:00:50 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id DD6CEE0922
	for <gentoo-commits@lists.gentoo.org>; Sun, 22 Apr 2018 12:00:49 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 082C1335C7E
	for <gentoo-commits@lists.gentoo.org>; Sun, 22 Apr 2018 12:00:49 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 2A4DB2A6
	for <gentoo-commits@lists.gentoo.org>; Sun, 22 Apr 2018 12:00:45 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1524398039.bd2b8d19d0ad21719a31065a325e8bf083dc623f.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/mta.fc policy/modules/contrib/mta.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: bd2b8d19d0ad21719a31065a325e8bf083dc623f
X-VCS-Branch: master
Date: Sun, 22 Apr 2018 12:00:45 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 60fc4253-48fd-4581-88c6-ad99f84ff11a
X-Archives-Hash: aebdeb0bcfc6bf6d35ae84d3df50b93c

commit:     bd2b8d19d0ad21719a31065a325e8bf083dc623f
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Apr 12 11:38:05 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 22 11:53:59 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd2b8d19

mta: Add msmtp fcontexts and allow ssl certs

 policy/modules/contrib/mta.fc | 3 +++
 policy/modules/contrib/mta.te | 1 +
 2 files changed, 4 insertions(+)

diff --git a/policy/modules/contrib/mta.fc b/policy/modules/contrib/mta.fc
index ace4a1f1..66634b0c 100644
--- a/policy/modules/contrib/mta.fc
+++ b/policy/modules/contrib/mta.fc
@@ -2,6 +2,7 @@ HOME_DIR/\.esmtp_queue	--	gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/\.forward[^/]*	--	gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/dead\.letter	--	gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/\.mailrc	--	gen_context(system_u:object_r:mail_home_t,s0)
+HOME_DIR/\.msmtprc	--	gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/Maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
 HOME_DIR/DovecotMail(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
 HOME_DIR/\.maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
@@ -10,10 +11,12 @@ HOME_DIR/\.maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
 /etc/aliases\.db	--	gen_context(system_u:object_r:etc_aliases_t,s0)
 /etc/mail(/.*)?	gen_context(system_u:object_r:etc_mail_t,s0)
 /etc/mail/aliases.*	--	gen_context(system_u:object_r:etc_aliases_t,s0)
+/etc/msmtprc		--	gen_context(system_u:object_r:etc_mail_t,s0)
 /etc/postfix/aliases.*	--	gen_context(system_u:object_r:etc_aliases_t,s0)
 
 /usr/bin/esmtp	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/mail(x)?	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
+/usr/bin/msmtp	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/rmail	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/sendmail\.postfix	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/sendmail(\.sendmail)?	--	gen_context(system_u:object_r:sendmail_exec_t,s0)

diff --git a/policy/modules/contrib/mta.te b/policy/modules/contrib/mta.te
index 996c1fb5..01183ef1 100644
--- a/policy/modules/contrib/mta.te
+++ b/policy/modules/contrib/mta.te
@@ -109,6 +109,7 @@ init_dontaudit_rw_utmp(user_mail_domain)
 
 logging_send_syslog_msg(user_mail_domain)
 
+miscfiles_read_all_certs(user_mail_domain)
 miscfiles_read_localization(user_mail_domain)
 
 tunable_policy(`use_samba_home_dirs',`