From 0a77288692196eca7c69bdd667239e7342fc59f3 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Wed, 18 Jan 2006 18:45:23 +0000 Subject: [PATCH] fixes from dan --- refpolicy/Changelog | 1 + refpolicy/policy/modules/kernel/files.if | 3 +-- refpolicy/policy/modules/services/fetchmail.te | 8 +++++++- refpolicy/policy/modules/services/hal.te | 3 ++- refpolicy/policy/modules/services/procmail.te | 3 ++- 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/refpolicy/Changelog b/refpolicy/Changelog index 9a5802c9..66bd9d5f 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,4 @@ +- Miscellaneous fixes from Dan Walsh. - Change initrc_var_run_t interface noun from script_pid to utmp, for greater clarity. - Added modules: diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if index 4f6c9f40..b269b63e 100644 --- a/refpolicy/policy/modules/kernel/files.if +++ b/refpolicy/policy/modules/kernel/files.if @@ -2135,10 +2135,9 @@ interface(`files_dontaudit_getattr_tmp_dir',` interface(`files_search_tmp',` gen_require(` type tmp_t; - class dir search; ') - allow $1 tmp_t:dir search; + allow $1 tmp_t:dir search_dir_perms; ') ######################################## diff --git a/refpolicy/policy/modules/services/fetchmail.te b/refpolicy/policy/modules/services/fetchmail.te index 44a83815..d1f3a037 100644 --- a/refpolicy/policy/modules/services/fetchmail.te +++ b/refpolicy/policy/modules/services/fetchmail.te @@ -1,5 +1,5 @@ -policy_module(fetchmail,1.0.0) +policy_module(fetchmail,1.0.1) ######################################## # @@ -29,6 +29,7 @@ allow fetchmail_t self:unix_dgram_socket create_socket_perms; allow fetchmail_t self:unix_stream_socket create_stream_socket_perms; allow fetchmail_t self:tcp_socket create_socket_perms; allow fetchmail_t self:udp_socket create_socket_perms; +allow fetchmail_t self:netlink_route_socket r_netlink_socket_perms; allow fetchmail_t fetchmail_etc_t:file r_file_perms; 
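Review bot: In `files_search_tmp` (refpolicy/policy/modules/kernel/files.if) the rule now grants `search_dir_perms` instead of the single `search` permission, so every domain calling this interface also receives whatever else that macro expands to. The macro's definition is not visible in this patch, so the exact widening should be confirmed against the permission-set definitions. The interface's summary comment sits above the hunk and should state the full grant, for example `## Search the tmp directory (/tmp); grants search_dir_perms on tmp_t directories.` The hunk also drops `class dir search;` from `gen_require` without a replacement; if class requirements are still needed for loadable-module builds in this tree, `class dir search_dir_perms;` would be the matching declaration.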
@@ -41,6 +42,7 @@ files_filetrans_pid(fetchmail_t,fetchmail_var_run_t) kernel_read_kernel_sysctl(fetchmail_t) kernel_list_proc(fetchmail_t) +kernel_getattr_proc_files(fetchmail_t) kernel_read_proc_symlinks(fetchmail_t) corenet_non_ipsec_sendrecv(fetchmail_t) @@ -59,8 +61,11 @@ corenet_udp_bind_all_nodes(fetchmail_t) corenet_tcp_connect_all_ports(fetchmail_t) dev_read_sysfs(fetchmail_t) +dev_read_rand(fetchmail_t) +dev_read_urand(fetchmail_t) files_read_etc_files(fetchmail_t) +files_read_etc_runtime_files(fetchmail_t) fs_getattr_all_fs(fetchmail_t) fs_search_auto_mountpoints(fetchmail_t) @@ -78,6 +83,7 @@ libs_use_shared_libs(fetchmail_t) logging_send_syslog_msg(fetchmail_t) miscfiles_read_localization(fetchmail_t) +miscfiles_read_certs(fetchmail_t) sysnet_read_config(fetchmail_t) diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te index fc9c1793..07a9fb27 100644 --- a/refpolicy/policy/modules/services/hal.te +++ b/refpolicy/policy/modules/services/hal.te @@ -1,5 +1,5 @@ -policy_module(hal,1.2.0) +policy_module(hal,1.2.1) ######################################## # @@ -139,6 +139,7 @@ ifdef(`targeted_policy', ` term_dontaudit_use_unallocated_tty(hald_t) term_dontaudit_use_generic_pty(hald_t) files_dontaudit_read_root_file(hald_t) + files_dontaudit_getattr_home_dir(hald_t) ') optional_policy(`apm',` diff --git a/refpolicy/policy/modules/services/procmail.te b/refpolicy/policy/modules/services/procmail.te index 2992ca7e..4cf2fb95 100644 --- a/refpolicy/policy/modules/services/procmail.te +++ b/refpolicy/policy/modules/services/procmail.te @@ -1,5 +1,5 @@ -policy_module(procmail,1.1.0) +policy_module(procmail,1.1.1) ######################################## # @@ -99,6 +99,7 @@ optional_policy(`sendmail',` optional_policy(`spamassassin',` corenet_udp_bind_generic_port(procmail_t) + corenet_tcp_connect_spamd_port(procmail_t) files_getattr_tmp_dir(procmail_t)
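Review bot: In the fetchmail.te hunk at `@@ -59,8 +61,11 @@`, `dev_read_rand(fetchmail_t)` is added next to `dev_read_urand(fetchmail_t)` with no comment saying which code path needs it. Going by the interface names, the first covers the blocking random device, and a network-facing daemon that reads it can draw down the shared entropy pool. Keep that line only if a denial was actually observed for it; if the TLS library opens only the non-blocking device, drop `dev_read_rand(fetchmail_t)`. A short comment such as `# TLS support: PRNG seeding and CA certificate lookup` above these calls, and above `miscfiles_read_certs(fetchmail_t)` in the `@@ -78,6 +83,7 @@` hunk, would record why the access exists.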
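Review bot: `files_dontaudit_getattr_home_dir(hald_t)` in the hal.te hunk at `@@ -139,6 +139,7 @@` silences the denial instead of granting or removing the access, and nothing in the hunk records why hald stats home directories. dontaudit rules remove AVC records that audit-log review depends on, so each one should carry its justification, for example `# dontaudit: <observed denial and why it is harmless>` on the line above. The enclosing `ifdef(`targeted_policy', ...)` block starts outside the hunk, so check whether the same denial also occurs in the non-targeted build.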