42 lines
1.2 KiB
Diff
42 lines
1.2 KiB
Diff
From c43df4f0131a7870beef94eb9c5a5fb048379566 Mon Sep 17 00:00:00 2001
|
|
From: Zdenek Pytela <zpytela@redhat.com>
|
|
Date: Wed, 24 Nov 2021 16:13:35 +0100
|
|
Subject: [PATCH] Allow svnserve send mail from the system
|
|
|
|
Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/c43df4f0131a7870beef94eb9c5a5fb048379566
|
|
Conflict: NA
|
|
|
|
If a svn hook needs to send an e-mail, the service needs to be allowed
|
|
to execute an MTA program. In this commit, the mta_send_mail() interface
|
|
call for svnserve_t was added to allow permissions to execute types from
|
|
the mta_exec_type attribute which currently is:
|
|
- courier_exec_t
|
|
- exim_exec_t
|
|
- postfix_postdrop_t
|
|
- sendmail_exec_t
|
|
|
|
Resolves: rhbz#2004843
|
|
Signed-off-by: lujie54 <lujie54@huawei.com>
|
|
---
|
|
policy/modules/contrib/svnserve.te | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/policy/modules/contrib/svnserve.te b/policy/modules/contrib/svnserve.te
|
|
index 874e7c2..c603551 100644
|
|
--- a/policy/modules/contrib/svnserve.te
|
|
+++ b/policy/modules/contrib/svnserve.te
|
|
@@ -90,6 +90,10 @@ optional_policy(`
|
|
')
|
|
|
|
optional_policy(`
|
|
+ mta_send_mail(svnserve_t)
|
|
+')
|
|
+
|
|
+optional_policy(`
|
|
sasl_connect(svnserve_t)
|
|
')
|
|
|
|
--
|
|
1.8.3.1
|
|
|