All of lore.kernel.org
 help / color / mirror / Atom feed
* [refpolicy] [PATCH] Allow gitolite to send mail
@ 2012-02-13 15:22 Konstantin Ryabitsev
  2012-02-21 19:18 ` Christopher J. PeBenito
  0 siblings, 1 reply; 2+ messages in thread
From: Konstantin Ryabitsev @ 2012-02-13 15:22 UTC (permalink / raw)
  To: refpolicy

One of the most commonly used hooks in gitolite is
the ability to invoke sendmail to send out notifications
whenever someone commits to a repository. This sets up
a tunable policy that preserves current behaviour (not
allowed to send mail) unless gitosis_can_sendmail is set
to true.
---
 gitosis.te |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/gitosis.te b/gitosis.te
index 8bcd98d..33e6737 100644
--- a/gitosis.te
+++ b/gitosis.te
@@ -39,3 +39,10 @@ files_search_var_lib(gitosis_t)
 miscfiles_read_localization(gitosis_t)
 
 sysnet_read_config(gitosis_t)
+
+gen_tunable(gitosis_can_sendmail, false)
+
+tunable_policy(`gitosis_can_sendmail',`
+    mta_send_mail(gitosis_t)
+')
+
-- 
1.7.7.6


-- 
Konstantin Ryabitsev
Systems Administrator
The Linux Foundation
Montr?al, Qu?bec
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 665 bytes
Desc: This is a digitally signed message part
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20120213/757eddd0/attachment.bin 

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* [refpolicy] [PATCH] Allow gitolite to send mail
  2012-02-13 15:22 [refpolicy] [PATCH] Allow gitolite to send mail Konstantin Ryabitsev
@ 2012-02-21 19:18 ` Christopher J. PeBenito
  0 siblings, 0 replies; 2+ messages in thread
From: Christopher J. PeBenito @ 2012-02-21 19:18 UTC (permalink / raw)
  To: refpolicy

On 2/13/2012 10:22 AM, Konstantin Ryabitsev wrote:
> One of the most commonly used hooks in gitolite is
> the ability to invoke sendmail to send out notifications
> whenever someone commits to a repository. This sets up
> a tunable policy that preserves current behaviour (not
> allowed to send mail) unless gitosis_can_sendmail is set
> to true.
> ---
>   gitosis.te |    7 +++++++
>   1 files changed, 7 insertions(+), 0 deletions(-)
>
> diff --git a/gitosis.te b/gitosis.te
> index 8bcd98d..33e6737 100644
> --- a/gitosis.te
> +++ b/gitosis.te
> @@ -39,3 +39,10 @@ files_search_var_lib(gitosis_t)
>   miscfiles_read_localization(gitosis_t)
>
>   sysnet_read_config(gitosis_t)
> +
> +gen_tunable(gitosis_can_sendmail, false)
> +
> +tunable_policy(`gitosis_can_sendmail',`
> +    mta_send_mail(gitosis_t)
> +')
> +

I'm fine with adding the tunable, but I think it should be called gitosis_send_mail.  Also, the style needs to be fixed -- the tunable declaration needs to be moved up and XML documented.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-02-21 19:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-02-13 15:22 [refpolicy] [PATCH] Allow gitolite to send mail Konstantin Ryabitsev
2012-02-21 19:18 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.