rpms/selinux-policy/F-9 policy-20071130.patch,1.211,1.212
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Sep 19 14:42:26 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21006
Modified Files:
policy-20071130.patch
Log Message:
* Tue Sep 18 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-92
- Dontaudit attempts to write user_tmp_t by gssd_t
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.211
retrieving revision 1.212
diff -u -r1.211 -r1.212
--- policy-20071130.patch 19 Sep 2008 14:26:23 -0000 1.211
+++ policy-20071130.patch 19 Sep 2008 14:42:25 -0000 1.212
@@ -19137,8 +19137,21 @@
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.3.1/policy/modules/services/mailman.if
--- nsaserefpolicy/policy/modules/services/mailman.if 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.if 2008-09-08 11:45:12.000000000 -0400
-@@ -211,6 +211,7 @@
++++ serefpolicy-3.3.1/policy/modules/services/mailman.if 2008-09-19 10:41:32.000000000 -0400
+@@ -31,6 +31,12 @@
+ allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
+ allow mailman_$1_t self:udp_socket create_socket_perms;
+
++ files_search_spool(mailman_$1_t)
++
++ manage_dirs_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t)
++ manage_files_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t)
++ manage_lnk_files_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t)
++
+ manage_dirs_pattern(mailman_$1_t,mailman_data_t,mailman_data_t)
+ manage_files_pattern(mailman_$1_t,mailman_data_t,mailman_data_t)
+ manage_lnk_files_pattern(mailman_$1_t,mailman_data_t,mailman_data_t)
+@@ -211,6 +217,7 @@
type mailman_data_t;
')
@@ -19146,7 +19159,7 @@
manage_files_pattern($1,mailman_data_t,mailman_data_t)
')
-@@ -252,6 +253,25 @@
+@@ -252,6 +259,25 @@
#######################################
## <summary>
@@ -19174,7 +19187,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.3.1/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.te 2008-09-11 13:48:31.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/mailman.te 2008-09-19 10:40:19.000000000 -0400
@@ -53,10 +53,9 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -19208,6 +19221,18 @@
ifdef(`TODO',`
optional_policy(`
+@@ -107,5 +117,10 @@
+ su_exec(mailman_queue_t)
+
+ optional_policy(`
+- cron_system_entry(mailman_queue_t,mailman_queue_exec_t)
++ apache_read_config(mailman_queue_t)
+ ')
++
++optional_policy(`
++ cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.3.1/policy/modules/services/mailscanner.fc
--- nsaserefpolicy/policy/modules/services/mailscanner.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/mailscanner.fc 2008-09-08 11:45:12.000000000 -0400
More information about the fedora-extras-commits
mailing list