rpms/selinux-policy/F-9 policy-20071130.patch,1.242,1.243
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Nov 25 16:22:56 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14144
Modified Files:
policy-20071130.patch
Log Message:
* Mon Nov 24 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-114
- Add minimum policy
- Split out doc package
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.242
retrieving revision 1.243
diff -u -r1.242 -r1.243
--- policy-20071130.patch 24 Nov 2008 19:44:30 -0000 1.242
+++ policy-20071130.patch 25 Nov 2008 16:22:55 -0000 1.243
@@ -23824,7 +23824,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.3.1/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.te 2008-11-03 16:14:20.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/postfix.te 2008-11-25 08:33:26.000000000 -0500
@@ -6,6 +6,14 @@
# Declarations
#
@@ -24056,7 +24056,21 @@
########################################
#
# Postfix qmgr local policy
-@@ -532,9 +597,6 @@
+@@ -519,6 +584,13 @@
+
+ files_dontaudit_getattr_home_dir(postfix_smtp_t)
+
++# postfix checks the size of all mounted file systems
++fs_getattr_all_dirs(postfix_smtpd_t)
++fs_getattr_all_fs(postfix_smtpd_t)
++
++
++mta_read_aliases(postfix_smtpd_t)
++
+ optional_policy(`
+ cyrus_stream_connect(postfix_smtp_t)
+ ')
+@@ -532,9 +604,6 @@
# connect to master process
stream_connect_pattern(postfix_smtpd_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t)
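Review bot: The three added rules grant access to postfix_smtpd_t, but they sit between `files_dontaudit_getattr_home_dir(postfix_smtp_t)` and the `cyrus_stream_connect(postfix_smtp_t)` block, which appears to be the postfix_smtp_t section. Placing them with the other postfix_smtpd_t rules further down would keep each domain's grants reviewable in one place. The comment `# postfix checks the size of all mounted file systems` accounts for `fs_getattr_all_fs`, but not clearly for `fs_getattr_all_dirs`, which is a wider grant, or for `mta_read_aliases`. I would either drop the directory rule if no denial requires it, or give each its own reason, e.g. `# smtpd reads the aliases map during recipient lookup` above `mta_read_aliases(postfix_smtpd_t)` if that is the cause. The enclosing policy section starts and ends outside this hunk.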
@@ -24066,7 +24080,7 @@
# for prng_exch
allow postfix_smtpd_t postfix_spool_t:file rw_file_perms;
allow postfix_smtpd_t postfix_prng_t:file rw_file_perms;
-@@ -557,6 +619,10 @@
+@@ -557,6 +626,10 @@
sasl_connect(postfix_smtpd_t)
')
@@ -24077,7 +24091,7 @@
########################################
#
# Postfix virtual local policy
-@@ -572,7 +638,7 @@
+@@ -572,7 +645,7 @@
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
# connect to master process
@@ -28505,7 +28519,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.3.1/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.te 2008-11-03 16:14:20.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.te 2008-11-25 10:40:56.000000000 -0500
@@ -20,13 +20,17 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -28594,18 +28608,18 @@
optional_policy(`
clamav_search_lib(sendmail_t)
+ clamav_stream_connect(sendmail_t)
- ')
-
- optional_policy(`
-- postfix_exec_master(sendmail_t)
-+ cyrus_stream_connect(sendmail_t)
+')
+
+optional_policy(`
-+ munin_dontaudit_search_lib(sendmail_t)
++ cyrus_stream_connect(sendmail_t)
+')
+
+optional_policy(`
++ munin_dontaudit_search_lib(sendmail_t)
+ ')
+
+ optional_policy(`
+- postfix_exec_master(sendmail_t)
+ postfix_domtrans_postdrop(sendmail_t)
+ postfix_domtrans_master(sendmail_t)
postfix_read_config(sendmail_t)
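Review bot: `postfix_domtrans_master(sendmail_t)` and `postfix_domtrans_postdrop(sendmail_t)` replace `postfix_exec_master(sendmail_t)` without any comment, and the log message ("Add minimum policy", "Split out doc package") does not mention the change either. By refpolicy naming convention the old rule ran the binary inside sendmail_t, while the new ones let sendmail_t enter the Postfix master and postdrop domains, so the privileges reachable from sendmail_t change and a reviewer cannot tell from the patch which denial motivated it. A short comment above the block would help, for example `# sendmail_t is also used for the postfix sendmail wrapper; run postdrop/master in their own domains` if that is the reason. The same applies to the new `uucp_domtrans_uux(sendmail_t)` block in the later `@@ -28645,6 +28659,10 @@` hunk. The optional_policy block continues past the end of this hunk.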
@@ -28618,7 +28632,7 @@
')
optional_policy(`
-@@ -125,24 +153,25 @@
+@@ -125,24 +153,29 @@
')
optional_policy(`
@@ -28645,6 +28659,10 @@
-# When sendmail runs as user_mail_domain, it needs some extra permissions
-# to update /etc/mail/statistics.
-allow user_mail_domain etc_mail_t:file rw_file_perms;
++optional_policy(`
++ uucp_domtrans_uux(sendmail_t)
++')
++
+########################################
+#
+# Unconfined sendmail local policy
@@ -33907,7 +33925,7 @@
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.3.1/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.if 2008-11-13 18:32:07.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.if 2008-11-24 16:05:51.000000000 -0500
@@ -56,10 +56,6 @@
miscfiles_read_localization($1_chkpwd_t)
@@ -34120,7 +34138,7 @@
')
')
-@@ -1491,3 +1561,78 @@
+@@ -1491,3 +1561,80 @@
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')
@@ -34197,7 +34215,9 @@
+ type auth_cache_t;
+ ')
+
-+ files_var_filetrans($1,auth_cache_t,file)
++ manage_files_pattern($1, auth_cache_t, auth_cache_t)
++ manage_dirs_pattern($1, auth_cache_t, auth_cache_t)
++ files_var_filetrans($1,auth_cache_t,{ file dir } )
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.3.1/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-06-12 23:38:01.000000000 -0400
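Review bot: Every caller of this interface now receives full manage access to auth_cache_t files and directories, where the old line only set up the /var type transition. The interface's name and summary lie outside this hunk and should be checked against the new behaviour. If they still describe only a file transition, either update the summary to state that it grants create/write/delete on the authentication cache, or move the two `manage_*_pattern` lines into a separate interface so callers can be given the narrower grant. Minor style: the rewritten line has a stray space before the closing parenthesis and no spaces after the commas, unlike the two lines added above it; `files_var_filetrans($1, auth_cache_t, { file dir })` would match them.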
@@ -35157,8 +35177,17 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.3.1/policy/modules/system/ipsec.fc
--- nsaserefpolicy/policy/modules/system/ipsec.fc 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc 2008-11-05 10:39:34.000000000 -0500
-@@ -26,6 +26,7 @@
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc 2008-11-25 09:56:41.000000000 -0500
+@@ -16,6 +16,8 @@
+ /usr/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
+ /usr/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
+
++/usr/libexec/ipsec/_plutoload -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
++/usr/libexec/ipsec/_plutorun -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
+ /usr/libexec/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0)
+ /usr/libexec/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
+ /usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
+@@ -26,6 +28,7 @@
/usr/local/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
/usr/local/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)