fixes from dan
parent
68228b3300
commit
0a77288692
@ -1,3 +1,4 @@
|
|||||||
|
- Miscellaneous fixes from Dan Walsh.
|
||||||
- Change initrc_var_run_t interface noun from script_pid to utmp,
|
- Change initrc_var_run_t interface noun from script_pid to utmp,
|
||||||
for greater clarity.
|
for greater clarity.
|
||||||
- Added modules:
|
- Added modules:
|
||||||
|
@ -2135,10 +2135,9 @@ interface(`files_dontaudit_getattr_tmp_dir',`
|
|||||||
interface(`files_search_tmp',`
|
interface(`files_search_tmp',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type tmp_t;
|
type tmp_t;
|
||||||
class dir search;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 tmp_t:dir search;
|
allow $1 tmp_t:dir search_dir_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
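Review bot: The new rule `allow $1 tmp_t:dir search_dir_perms;` grants every caller of `files_search_tmp` whatever the permission-set macro expands to, where the old rule granted exactly `search`. The macro's definition is not on this page; if it covers more than `search` (presumably `getattr` as well), the interface summary should say so, for example `Search the tmp directory (/tmp); also allows getattr on it.` Dropping `class dir search;` from `gen_require` is only safe if the `dir` class is already required elsewhere for calling modules, which cannot be confirmed from this hunk. The interface's documentation header starts outside the hunk.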
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(fetchmail,1.0.0)
|
policy_module(fetchmail,1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -29,6 +29,7 @@ allow fetchmail_t self:unix_dgram_socket create_socket_perms;
|
|||||||
allow fetchmail_t self:unix_stream_socket create_stream_socket_perms;
|
allow fetchmail_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow fetchmail_t self:tcp_socket create_socket_perms;
|
allow fetchmail_t self:tcp_socket create_socket_perms;
|
||||||
allow fetchmail_t self:udp_socket create_socket_perms;
|
allow fetchmail_t self:udp_socket create_socket_perms;
|
||||||
|
allow fetchmail_t self:netlink_route_socket r_netlink_socket_perms;
|
||||||
|
|
||||||
allow fetchmail_t fetchmail_etc_t:file r_file_perms;
|
allow fetchmail_t fetchmail_etc_t:file r_file_perms;
|
||||||
|
|
||||||
@ -41,6 +42,7 @@ files_filetrans_pid(fetchmail_t,fetchmail_var_run_t)
|
|||||||
|
|
||||||
kernel_read_kernel_sysctl(fetchmail_t)
|
kernel_read_kernel_sysctl(fetchmail_t)
|
||||||
kernel_list_proc(fetchmail_t)
|
kernel_list_proc(fetchmail_t)
|
||||||
|
kernel_getattr_proc_files(fetchmail_t)
|
||||||
kernel_read_proc_symlinks(fetchmail_t)
|
kernel_read_proc_symlinks(fetchmail_t)
|
||||||
|
|
||||||
corenet_non_ipsec_sendrecv(fetchmail_t)
|
corenet_non_ipsec_sendrecv(fetchmail_t)
|
||||||
@ -59,8 +61,11 @@ corenet_udp_bind_all_nodes(fetchmail_t)
|
|||||||
corenet_tcp_connect_all_ports(fetchmail_t)
|
corenet_tcp_connect_all_ports(fetchmail_t)
|
||||||
|
|
||||||
dev_read_sysfs(fetchmail_t)
|
dev_read_sysfs(fetchmail_t)
|
||||||
|
dev_read_rand(fetchmail_t)
|
||||||
|
dev_read_urand(fetchmail_t)
|
||||||
|
|
||||||
files_read_etc_files(fetchmail_t)
|
files_read_etc_files(fetchmail_t)
|
||||||
|
files_read_etc_runtime_files(fetchmail_t)
|
||||||
|
|
||||||
fs_getattr_all_fs(fetchmail_t)
|
fs_getattr_all_fs(fetchmail_t)
|
||||||
fs_search_auto_mountpoints(fetchmail_t)
|
fs_search_auto_mountpoints(fetchmail_t)
|
||||||
@ -78,6 +83,7 @@ libs_use_shared_libs(fetchmail_t)
|
|||||||
logging_send_syslog_msg(fetchmail_t)
|
logging_send_syslog_msg(fetchmail_t)
|
||||||
|
|
||||||
miscfiles_read_localization(fetchmail_t)
|
miscfiles_read_localization(fetchmail_t)
|
||||||
|
miscfiles_read_certs(fetchmail_t)
|
||||||
|
|
||||||
sysnet_read_config(fetchmail_t)
|
sysnet_read_config(fetchmail_t)
|
||||||
|
|
||||||
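Review bot: None of the six rules added to the fetchmail section carries a comment saying which denial it answers, so a later reader cannot tell required access from incidental library probing. `dev_read_rand`, `dev_read_urand` and `miscfiles_read_certs` look like TLS support and could share one comment such as `# TLS: entropy sources and CA certificates`. `kernel_getattr_proc_files(fetchmail_t)` and `files_read_etc_runtime_files(fetchmail_t)` are the ones to check against the original AVC messages: if fetchmail works without them, suppressing the denial would keep this network-facing domain tighter than allowing the access. The `self:netlink_route_socket r_netlink_socket_perms` rule reads as read-only by its name, but the macro's expansion is not shown here.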
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(hal,1.2.0)
|
policy_module(hal,1.2.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -139,6 +139,7 @@ ifdef(`targeted_policy', `
|
|||||||
term_dontaudit_use_unallocated_tty(hald_t)
|
term_dontaudit_use_unallocated_tty(hald_t)
|
||||||
term_dontaudit_use_generic_pty(hald_t)
|
term_dontaudit_use_generic_pty(hald_t)
|
||||||
files_dontaudit_read_root_file(hald_t)
|
files_dontaudit_read_root_file(hald_t)
|
||||||
|
files_dontaudit_getattr_home_dir(hald_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`apm',`
|
optional_policy(`apm',`
|
||||||
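Review bot: `files_dontaudit_getattr_home_dir(hald_t)` hides the denial rather than granting the access, so the audit log will no longer record hald's getattr attempts on home directories. A one-line comment above it, such as `# Suppress getattr denials on home directories; hald does not need this access.`, would record that the silence is deliberate. Judging by the hunk header and the closing `')`, the rule sits inside the targeted_policy ifdef block, which starts outside the hunk. If so, the denial is still logged under the strict policy, and it is worth confirming that the difference is intended.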
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(procmail,1.1.0)
|
policy_module(procmail,1.1.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -99,6 +99,7 @@ optional_policy(`sendmail',`
|
|||||||
|
|
||||||
optional_policy(`spamassassin',`
|
optional_policy(`spamassassin',`
|
||||||
corenet_udp_bind_generic_port(procmail_t)
|
corenet_udp_bind_generic_port(procmail_t)
|
||||||
|
corenet_tcp_connect_spamd_port(procmail_t)
|
||||||
|
|
||||||
files_getattr_tmp_dir(procmail_t)
|
files_getattr_tmp_dir(procmail_t)
|
||||||
|
|
||||||
|