rpms/selinux-policy/devel policy-20081111.patch,1.18,1.19
Daniel J Walsh
dwalsh at fedoraproject.org
Sat Dec 27 13:06:14 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1067
Modified Files:
policy-20081111.patch
Log Message:
* Sat Dec 27 2008 Dan Walsh <dwalsh at redhat.com> 3.6.1-14
- Change userdom_read_all_users_state to include reading symbolic links in /proc
policy-20081111.patch:
Index: policy-20081111.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20081111.patch,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- policy-20081111.patch 27 Dec 2008 13:05:32 -0000 1.18
+++ policy-20081111.patch 27 Dec 2008 13:06:14 -0000 1.19
@@ -13504,7 +13504,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.1/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/munin.te 2008-12-18 11:36:14.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/services/munin.te 2008-12-27 07:23:35.000000000 -0500
@@ -13,6 +13,9 @@
type munin_etc_t alias lrrd_etc_t;
files_config_file(munin_etc_t)
@@ -13595,7 +13595,7 @@
userdom_dontaudit_use_unpriv_user_fds(munin_t)
userdom_dontaudit_search_user_home_dirs(munin_t)
-@@ -105,7 +126,30 @@
+@@ -105,7 +126,31 @@
')
optional_policy(`
@@ -13616,6 +13616,7 @@
+
+optional_policy(`
+ postfix_list_spool(munin_t)
++ postfix_getattr_spool_files(munin_t)
+')
+
+optional_policy(`
@@ -13627,7 +13628,7 @@
')
optional_policy(`
-@@ -115,3 +159,10 @@
+@@ -115,3 +160,10 @@
optional_policy(`
udev_read_db(munin_t)
')
@@ -16679,7 +16680,7 @@
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.1/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/postfix.if 2008-12-18 11:31:37.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/services/postfix.if 2008-12-27 07:23:23.000000000 -0500
@@ -174,9 +174,8 @@
type postfix_etc_t;
')
@@ -16740,28 +16741,49 @@
files_search_spool($1)
')
-@@ -437,10 +455,10 @@
+@@ -437,11 +455,30 @@
#
interface(`postfix_list_spool',`
gen_require(`
- type postfix_spool_t;
+ attribute postfix_spool_type;
++ ')
++
++ allow $1 postfix_spool_type:dir list_dir_perms;
++ files_search_spool($1)
++')
++
++########################################
++## <summary>
++## Getattr postfix mail spool files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`postfix_getattr_spool_files',`
++ gen_require(`
++ attribute postfix_spool_type;
')
- allow $1 postfix_spool_t:dir list_dir_perms;
-+ allow $1 postfix_spool_type:dir list_dir_perms;
files_search_spool($1)
++ getattr_files_pattern($1, postfix_spool_type, postfix_spool_type)
')
-@@ -456,11 +474,30 @@
+ ########################################
+@@ -456,11 +493,30 @@
#
interface(`postfix_read_spool_files',`
gen_require(`
- type postfix_spool_t;
+ attribute postfix_spool_type;
-+ ')
-+
-+ files_search_spool($1)
+ ')
+
+ files_search_spool($1)
+- read_files_pattern($1, postfix_spool_t, postfix_spool_t)
+ read_files_pattern($1, postfix_spool_type, postfix_spool_type)
+')
+
@@ -16778,15 +16800,14 @@
+interface(`postfix_manage_spool_files',`
+ gen_require(`
+ attribute postfix_spool_type;
- ')
-
- files_search_spool($1)
-- read_files_pattern($1, postfix_spool_t, postfix_spool_t)
++ ')
++
++ files_search_spool($1)
+ manage_files_pattern($1, postfix_spool_type, postfix_spool_type)
')
########################################
-@@ -481,3 +518,23 @@
+@@ -481,3 +537,23 @@
typeattribute $1 postfix_user_domtrans;
')
More information about the fedora-extras-commits
mailing list