Fix typo
This commit is contained in:
Miroslav Grepl
parent
4689b08b49
commit
3d8eaa7aa5
@ -22925,7 +22925,7 @@ index 0000000..bd83148
|
||||
+## <summary>No Interfaces</summary>
|
||||
diff --git a/policy/modules/roles/sysadm_secadm.te b/policy/modules/roles/sysadm_secadm.te
|
||||
new file mode 100644
|
||||
index 0000000..2cc4c43
|
||||
index 0000000..e45e8b0
|
||||
--- /dev/null
|
||||
+++ b/policy/modules/roles/sysadm_secadm.te
|
||||
@@ -0,0 +1,23 @@
|
||||
@ -22938,7 +22938,7 @@ index 0000000..2cc4c43
|
||||
+
|
||||
+gen_require(`
|
||||
+ type sysadm_t;
|
||||
+ ole sysadm_r;
|
||||
+ role sysadm_r;
|
||||
+')
|
||||
+
|
||||
+userdom_security_admin_template(sysadm_t, sysadm_r)
|
||||
@ -46849,7 +46849,7 @@ index 256166a..71e7a36 100644
|
||||
+/var/spool/mqueue\.in(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
|
||||
/var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
|
||||
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
|
||||
index 343cee3..7ae15f4 100644
|
||||
index 343cee3..ff6a8c7 100644
|
||||
--- a/policy/modules/services/mta.if
|
||||
+++ b/policy/modules/services/mta.if
|
||||
@@ -37,9 +37,9 @@ interface(`mta_stub',`
|
||||
@ -46863,7 +46863,7 @@ index 343cee3..7ae15f4 100644
|
||||
gen_require(`
|
||||
attribute user_mail_domain;
|
||||
type sendmail_exec_t;
|
||||
@@ -56,92 +56,11 @@ template(`mta_base_mail_template',`
|
||||
@@ -56,92 +56,15 @@ template(`mta_base_mail_template',`
|
||||
type $1_mail_tmp_t;
|
||||
files_tmp_file($1_mail_tmp_t)
|
||||
|
||||
@ -46903,7 +46903,7 @@ index 343cee3..7ae15f4 100644
|
||||
+ files_tmp_filetrans($1_mail_t, $1_mail_tmp_t, { file dir })
|
||||
|
||||
auth_use_nsswitch($1_mail_t)
|
||||
-
|
||||
|
||||
- init_dontaudit_rw_utmp($1_mail_t)
|
||||
-
|
||||
- logging_send_syslog_msg($1_mail_t)
|
||||
@ -46916,9 +46916,9 @@ index 343cee3..7ae15f4 100644
|
||||
- exim_manage_spool_files($1_mail_t)
|
||||
- ')
|
||||
-
|
||||
- optional_policy(`
|
||||
- postfix_domtrans_user_mail_handler($1_mail_t)
|
||||
- ')
|
||||
optional_policy(`
|
||||
postfix_domtrans_user_mail_handler($1_mail_t)
|
||||
')
|
||||
-
|
||||
- optional_policy(`
|
||||
- procmail_exec($1_mail_t)
|
||||
@ -46959,7 +46959,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -158,6 +77,7 @@ template(`mta_base_mail_template',`
|
||||
@@ -158,6 +81,7 @@ template(`mta_base_mail_template',`
|
||||
## User domain for the role
|
||||
## </summary>
|
||||
## </param>
|
||||
@ -46967,7 +46967,7 @@ index 343cee3..7ae15f4 100644
|
||||
#
|
||||
interface(`mta_role',`
|
||||
gen_require(`
|
||||
@@ -169,11 +89,19 @@ interface(`mta_role',`
|
||||
@@ -169,11 +93,19 @@ interface(`mta_role',`
|
||||
|
||||
# Transition from the user domain to the derived domain.
|
||||
domtrans_pattern($2, sendmail_exec_t, user_mail_t)
|
||||
@ -46988,7 +46988,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -220,6 +148,25 @@ interface(`mta_agent_executable',`
|
||||
@@ -220,6 +152,25 @@ interface(`mta_agent_executable',`
|
||||
application_executable_file($1)
|
||||
')
|
||||
|
||||
@ -47014,7 +47014,7 @@ index 343cee3..7ae15f4 100644
|
||||
########################################
|
||||
## <summary>
|
||||
## Make the specified type by a system MTA.
|
||||
@@ -306,10 +253,11 @@ interface(`mta_mailserver_sender',`
|
||||
@@ -306,10 +257,11 @@ interface(`mta_mailserver_sender',`
|
||||
interface(`mta_mailserver_delivery',`
|
||||
gen_require(`
|
||||
attribute mailserver_delivery;
|
||||
@ -47027,7 +47027,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -330,12 +278,6 @@ interface(`mta_mailserver_user_agent',`
|
||||
@@ -330,12 +282,6 @@ interface(`mta_mailserver_user_agent',`
|
||||
')
|
||||
|
||||
typeattribute $1 mta_user_agent;
|
||||
@ -47040,7 +47040,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -350,9 +292,8 @@ interface(`mta_mailserver_user_agent',`
|
||||
@@ -350,9 +296,8 @@ interface(`mta_mailserver_user_agent',`
|
||||
#
|
||||
interface(`mta_send_mail',`
|
||||
gen_require(`
|
||||
@ -47051,7 +47051,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
allow $1 mta_exec_type:lnk_file read_lnk_file_perms;
|
||||
@@ -391,12 +332,19 @@ interface(`mta_send_mail',`
|
||||
@@ -391,12 +336,19 @@ interface(`mta_send_mail',`
|
||||
#
|
||||
interface(`mta_sendmail_domtrans',`
|
||||
gen_require(`
|
||||
@ -47073,7 +47073,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -409,7 +357,6 @@ interface(`mta_sendmail_domtrans',`
|
||||
@@ -409,7 +361,6 @@ interface(`mta_sendmail_domtrans',`
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
@ -47081,7 +47081,7 @@ index 343cee3..7ae15f4 100644
|
||||
interface(`mta_signal_system_mail',`
|
||||
gen_require(`
|
||||
type system_mail_t;
|
||||
@@ -420,6 +367,24 @@ interface(`mta_signal_system_mail',`
|
||||
@@ -420,6 +371,24 @@ interface(`mta_signal_system_mail',`
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -47106,7 +47106,7 @@ index 343cee3..7ae15f4 100644
|
||||
## Execute sendmail in the caller domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -438,6 +403,26 @@ interface(`mta_sendmail_exec',`
|
||||
@@ -438,6 +407,26 @@ interface(`mta_sendmail_exec',`
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -47133,7 +47133,7 @@ index 343cee3..7ae15f4 100644
|
||||
## Read mail server configuration.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -474,7 +459,8 @@ interface(`mta_write_config',`
|
||||
@@ -474,7 +463,8 @@ interface(`mta_write_config',`
|
||||
type etc_mail_t;
|
||||
')
|
||||
|
||||
@ -47143,7 +47143,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -494,6 +480,7 @@ interface(`mta_read_aliases',`
|
||||
@@ -494,6 +484,7 @@ interface(`mta_read_aliases',`
|
||||
|
||||
files_search_etc($1)
|
||||
allow $1 etc_aliases_t:file read_file_perms;
|
||||
@ -47151,7 +47151,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -532,7 +519,7 @@ interface(`mta_etc_filetrans_aliases',`
|
||||
@@ -532,7 +523,7 @@ interface(`mta_etc_filetrans_aliases',`
|
||||
type etc_aliases_t;
|
||||
')
|
||||
|
||||
@ -47160,7 +47160,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -552,7 +539,7 @@ interface(`mta_rw_aliases',`
|
||||
@@ -552,7 +543,7 @@ interface(`mta_rw_aliases',`
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -47169,7 +47169,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -646,8 +633,8 @@ interface(`mta_dontaudit_getattr_spool_files',`
|
||||
@@ -646,8 +637,8 @@ interface(`mta_dontaudit_getattr_spool_files',`
|
||||
|
||||
files_dontaudit_search_spool($1)
|
||||
dontaudit $1 mail_spool_t:dir search_dir_perms;
|
||||
@ -47180,7 +47180,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -677,7 +664,26 @@ interface(`mta_spool_filetrans',`
|
||||
@@ -677,7 +668,26 @@ interface(`mta_spool_filetrans',`
|
||||
')
|
||||
|
||||
files_search_spool($1)
|
||||
@ -47208,7 +47208,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -697,8 +703,8 @@ interface(`mta_rw_spool',`
|
||||
@@ -697,8 +707,8 @@ interface(`mta_rw_spool',`
|
||||
|
||||
files_search_spool($1)
|
||||
allow $1 mail_spool_t:dir list_dir_perms;
|
||||
@ -47219,7 +47219,7 @@ index 343cee3..7ae15f4 100644
|
||||
read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
|
||||
')
|
||||
|
||||
@@ -838,7 +844,7 @@ interface(`mta_dontaudit_rw_queue',`
|
||||
@@ -838,7 +848,7 @@ interface(`mta_dontaudit_rw_queue',`
|
||||
')
|
||||
|
||||
dontaudit $1 mqueue_spool_t:dir search_dir_perms;
|
||||
@ -47228,7 +47228,7 @@ index 343cee3..7ae15f4 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -864,6 +870,36 @@ interface(`mta_manage_queue',`
|
||||
@@ -864,6 +874,36 @@ interface(`mta_manage_queue',`
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
@ -47265,7 +47265,7 @@ index 343cee3..7ae15f4 100644
|
||||
## Read sendmail binary.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -899,3 +935,114 @@ interface(`mta_rw_user_mail_stream_sockets',`
|
||||
@@ -899,3 +939,114 @@ interface(`mta_rw_user_mail_stream_sockets',`
|
||||
|
||||
allow $1 user_mail_domain:unix_stream_socket rw_socket_perms;
|
||||
')
|
||||
@ -47381,7 +47381,7 @@ index 343cee3..7ae15f4 100644
|
||||
+ mta_filetrans_admin_home_content($1)
|
||||
+')
|
||||
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
|
||||
index 64268e4..ab8c4e4 100644
|
||||
index 64268e4..8fd5f8a 100644
|
||||
--- a/policy/modules/services/mta.te
|
||||
+++ b/policy/modules/services/mta.te
|
||||
@@ -20,14 +20,16 @@ files_type(etc_aliases_t)
|
||||
@ -47658,7 +47658,7 @@ index 64268e4..ab8c4e4 100644
|
||||
# Read user temporary files.
|
||||
# postfix seems to need write access if the file handle is opened read/write
|
||||
userdom_rw_user_tmp_files(user_mail_t)
|
||||
@@ -292,3 +303,115 @@ optional_policy(`
|
||||
@@ -292,3 +303,114 @@ optional_policy(`
|
||||
postfix_read_config(user_mail_t)
|
||||
postfix_list_spool(user_mail_t)
|
||||
')
|
||||
@ -47747,7 +47747,6 @@ index 64268e4..ab8c4e4 100644
|
||||
+ postfix_exec_master(user_mail_domain)
|
||||
+ postfix_read_config(user_mail_domain)
|
||||
+ postfix_search_spool(user_mail_domain)
|
||||
+ postfix_domtrans_user_mail_handler(user_mail_domain)
|
||||
+ postfix_rw_master_pipes(user_mail_domain)
|
||||
+
|
||||
+ ifdef(`distro_redhat',`
|
||||
|
||||
Loading…
Reference in New Issue
Block a user