Fix typo
This commit is contained in:
parent
4689b08b49
commit
3d8eaa7aa5
@ -22925,7 +22925,7 @@ index 0000000..bd83148
|
|||||||
+## <summary>No Interfaces</summary>
|
+## <summary>No Interfaces</summary>
|
||||||
diff --git a/policy/modules/roles/sysadm_secadm.te b/policy/modules/roles/sysadm_secadm.te
|
diff --git a/policy/modules/roles/sysadm_secadm.te b/policy/modules/roles/sysadm_secadm.te
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..2cc4c43
|
index 0000000..e45e8b0
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policy/modules/roles/sysadm_secadm.te
|
+++ b/policy/modules/roles/sysadm_secadm.te
|
||||||
@@ -0,0 +1,23 @@
|
@@ -0,0 +1,23 @@
|
||||||
@ -22938,7 +22938,7 @@ index 0000000..2cc4c43
|
|||||||
+
|
+
|
||||||
+gen_require(`
|
+gen_require(`
|
||||||
+ type sysadm_t;
|
+ type sysadm_t;
|
||||||
+ ole sysadm_r;
|
+ role sysadm_r;
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+userdom_security_admin_template(sysadm_t, sysadm_r)
|
+userdom_security_admin_template(sysadm_t, sysadm_r)
|
||||||
@ -46849,7 +46849,7 @@ index 256166a..71e7a36 100644
|
|||||||
+/var/spool/mqueue\.in(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
|
+/var/spool/mqueue\.in(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
|
||||||
/var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
|
/var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
|
||||||
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
|
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
|
||||||
index 343cee3..7ae15f4 100644
|
index 343cee3..ff6a8c7 100644
|
||||||
--- a/policy/modules/services/mta.if
|
--- a/policy/modules/services/mta.if
|
||||||
+++ b/policy/modules/services/mta.if
|
+++ b/policy/modules/services/mta.if
|
||||||
@@ -37,9 +37,9 @@ interface(`mta_stub',`
|
@@ -37,9 +37,9 @@ interface(`mta_stub',`
|
||||||
@ -46863,7 +46863,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
gen_require(`
|
gen_require(`
|
||||||
attribute user_mail_domain;
|
attribute user_mail_domain;
|
||||||
type sendmail_exec_t;
|
type sendmail_exec_t;
|
||||||
@@ -56,92 +56,11 @@ template(`mta_base_mail_template',`
|
@@ -56,92 +56,15 @@ template(`mta_base_mail_template',`
|
||||||
type $1_mail_tmp_t;
|
type $1_mail_tmp_t;
|
||||||
files_tmp_file($1_mail_tmp_t)
|
files_tmp_file($1_mail_tmp_t)
|
||||||
|
|
||||||
@ -46903,7 +46903,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
+ files_tmp_filetrans($1_mail_t, $1_mail_tmp_t, { file dir })
|
+ files_tmp_filetrans($1_mail_t, $1_mail_tmp_t, { file dir })
|
||||||
|
|
||||||
auth_use_nsswitch($1_mail_t)
|
auth_use_nsswitch($1_mail_t)
|
||||||
-
|
|
||||||
- init_dontaudit_rw_utmp($1_mail_t)
|
- init_dontaudit_rw_utmp($1_mail_t)
|
||||||
-
|
-
|
||||||
- logging_send_syslog_msg($1_mail_t)
|
- logging_send_syslog_msg($1_mail_t)
|
||||||
@ -46916,9 +46916,9 @@ index 343cee3..7ae15f4 100644
|
|||||||
- exim_manage_spool_files($1_mail_t)
|
- exim_manage_spool_files($1_mail_t)
|
||||||
- ')
|
- ')
|
||||||
-
|
-
|
||||||
- optional_policy(`
|
optional_policy(`
|
||||||
- postfix_domtrans_user_mail_handler($1_mail_t)
|
postfix_domtrans_user_mail_handler($1_mail_t)
|
||||||
- ')
|
')
|
||||||
-
|
-
|
||||||
- optional_policy(`
|
- optional_policy(`
|
||||||
- procmail_exec($1_mail_t)
|
- procmail_exec($1_mail_t)
|
||||||
@ -46959,7 +46959,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -158,6 +77,7 @@ template(`mta_base_mail_template',`
|
@@ -158,6 +81,7 @@ template(`mta_base_mail_template',`
|
||||||
## User domain for the role
|
## User domain for the role
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
@ -46967,7 +46967,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
#
|
#
|
||||||
interface(`mta_role',`
|
interface(`mta_role',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@@ -169,11 +89,19 @@ interface(`mta_role',`
|
@@ -169,11 +93,19 @@ interface(`mta_role',`
|
||||||
|
|
||||||
# Transition from the user domain to the derived domain.
|
# Transition from the user domain to the derived domain.
|
||||||
domtrans_pattern($2, sendmail_exec_t, user_mail_t)
|
domtrans_pattern($2, sendmail_exec_t, user_mail_t)
|
||||||
@ -46988,7 +46988,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -220,6 +148,25 @@ interface(`mta_agent_executable',`
|
@@ -220,6 +152,25 @@ interface(`mta_agent_executable',`
|
||||||
application_executable_file($1)
|
application_executable_file($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -47014,7 +47014,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Make the specified type by a system MTA.
|
## Make the specified type by a system MTA.
|
||||||
@@ -306,10 +253,11 @@ interface(`mta_mailserver_sender',`
|
@@ -306,10 +257,11 @@ interface(`mta_mailserver_sender',`
|
||||||
interface(`mta_mailserver_delivery',`
|
interface(`mta_mailserver_delivery',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute mailserver_delivery;
|
attribute mailserver_delivery;
|
||||||
@ -47027,7 +47027,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
@@ -330,12 +278,6 @@ interface(`mta_mailserver_user_agent',`
|
@@ -330,12 +282,6 @@ interface(`mta_mailserver_user_agent',`
|
||||||
')
|
')
|
||||||
|
|
||||||
typeattribute $1 mta_user_agent;
|
typeattribute $1 mta_user_agent;
|
||||||
@ -47040,7 +47040,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -350,9 +292,8 @@ interface(`mta_mailserver_user_agent',`
|
@@ -350,9 +296,8 @@ interface(`mta_mailserver_user_agent',`
|
||||||
#
|
#
|
||||||
interface(`mta_send_mail',`
|
interface(`mta_send_mail',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -47051,7 +47051,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
allow $1 mta_exec_type:lnk_file read_lnk_file_perms;
|
allow $1 mta_exec_type:lnk_file read_lnk_file_perms;
|
||||||
@@ -391,12 +332,19 @@ interface(`mta_send_mail',`
|
@@ -391,12 +336,19 @@ interface(`mta_send_mail',`
|
||||||
#
|
#
|
||||||
interface(`mta_sendmail_domtrans',`
|
interface(`mta_sendmail_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -47073,7 +47073,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -409,7 +357,6 @@ interface(`mta_sendmail_domtrans',`
|
@@ -409,7 +361,6 @@ interface(`mta_sendmail_domtrans',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -47081,7 +47081,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
interface(`mta_signal_system_mail',`
|
interface(`mta_signal_system_mail',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type system_mail_t;
|
type system_mail_t;
|
||||||
@@ -420,6 +367,24 @@ interface(`mta_signal_system_mail',`
|
@@ -420,6 +371,24 @@ interface(`mta_signal_system_mail',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -47106,7 +47106,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
## Execute sendmail in the caller domain.
|
## Execute sendmail in the caller domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -438,6 +403,26 @@ interface(`mta_sendmail_exec',`
|
@@ -438,6 +407,26 @@ interface(`mta_sendmail_exec',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -47133,7 +47133,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
## Read mail server configuration.
|
## Read mail server configuration.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -474,7 +459,8 @@ interface(`mta_write_config',`
|
@@ -474,7 +463,8 @@ interface(`mta_write_config',`
|
||||||
type etc_mail_t;
|
type etc_mail_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -47143,7 +47143,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -494,6 +480,7 @@ interface(`mta_read_aliases',`
|
@@ -494,6 +484,7 @@ interface(`mta_read_aliases',`
|
||||||
|
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
allow $1 etc_aliases_t:file read_file_perms;
|
allow $1 etc_aliases_t:file read_file_perms;
|
||||||
@ -47151,7 +47151,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -532,7 +519,7 @@ interface(`mta_etc_filetrans_aliases',`
|
@@ -532,7 +523,7 @@ interface(`mta_etc_filetrans_aliases',`
|
||||||
type etc_aliases_t;
|
type etc_aliases_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -47160,7 +47160,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -552,7 +539,7 @@ interface(`mta_rw_aliases',`
|
@@ -552,7 +543,7 @@ interface(`mta_rw_aliases',`
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
@ -47169,7 +47169,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
@@ -646,8 +633,8 @@ interface(`mta_dontaudit_getattr_spool_files',`
|
@@ -646,8 +637,8 @@ interface(`mta_dontaudit_getattr_spool_files',`
|
||||||
|
|
||||||
files_dontaudit_search_spool($1)
|
files_dontaudit_search_spool($1)
|
||||||
dontaudit $1 mail_spool_t:dir search_dir_perms;
|
dontaudit $1 mail_spool_t:dir search_dir_perms;
|
||||||
@ -47180,7 +47180,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
@@ -677,7 +664,26 @@ interface(`mta_spool_filetrans',`
|
@@ -677,7 +668,26 @@ interface(`mta_spool_filetrans',`
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_spool($1)
|
files_search_spool($1)
|
||||||
@ -47208,7 +47208,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -697,8 +703,8 @@ interface(`mta_rw_spool',`
|
@@ -697,8 +707,8 @@ interface(`mta_rw_spool',`
|
||||||
|
|
||||||
files_search_spool($1)
|
files_search_spool($1)
|
||||||
allow $1 mail_spool_t:dir list_dir_perms;
|
allow $1 mail_spool_t:dir list_dir_perms;
|
||||||
@ -47219,7 +47219,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
|
read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -838,7 +844,7 @@ interface(`mta_dontaudit_rw_queue',`
|
@@ -838,7 +848,7 @@ interface(`mta_dontaudit_rw_queue',`
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 mqueue_spool_t:dir search_dir_perms;
|
dontaudit $1 mqueue_spool_t:dir search_dir_perms;
|
||||||
@ -47228,7 +47228,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -864,6 +870,36 @@ interface(`mta_manage_queue',`
|
@@ -864,6 +874,36 @@ interface(`mta_manage_queue',`
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -47265,7 +47265,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
## Read sendmail binary.
|
## Read sendmail binary.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -899,3 +935,114 @@ interface(`mta_rw_user_mail_stream_sockets',`
|
@@ -899,3 +939,114 @@ interface(`mta_rw_user_mail_stream_sockets',`
|
||||||
|
|
||||||
allow $1 user_mail_domain:unix_stream_socket rw_socket_perms;
|
allow $1 user_mail_domain:unix_stream_socket rw_socket_perms;
|
||||||
')
|
')
|
||||||
@ -47381,7 +47381,7 @@ index 343cee3..7ae15f4 100644
|
|||||||
+ mta_filetrans_admin_home_content($1)
|
+ mta_filetrans_admin_home_content($1)
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
|
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
|
||||||
index 64268e4..ab8c4e4 100644
|
index 64268e4..8fd5f8a 100644
|
||||||
--- a/policy/modules/services/mta.te
|
--- a/policy/modules/services/mta.te
|
||||||
+++ b/policy/modules/services/mta.te
|
+++ b/policy/modules/services/mta.te
|
||||||
@@ -20,14 +20,16 @@ files_type(etc_aliases_t)
|
@@ -20,14 +20,16 @@ files_type(etc_aliases_t)
|
||||||
@ -47658,7 +47658,7 @@ index 64268e4..ab8c4e4 100644
|
|||||||
# Read user temporary files.
|
# Read user temporary files.
|
||||||
# postfix seems to need write access if the file handle is opened read/write
|
# postfix seems to need write access if the file handle is opened read/write
|
||||||
userdom_rw_user_tmp_files(user_mail_t)
|
userdom_rw_user_tmp_files(user_mail_t)
|
||||||
@@ -292,3 +303,115 @@ optional_policy(`
|
@@ -292,3 +303,114 @@ optional_policy(`
|
||||||
postfix_read_config(user_mail_t)
|
postfix_read_config(user_mail_t)
|
||||||
postfix_list_spool(user_mail_t)
|
postfix_list_spool(user_mail_t)
|
||||||
')
|
')
|
||||||
@ -47747,7 +47747,6 @@ index 64268e4..ab8c4e4 100644
|
|||||||
+ postfix_exec_master(user_mail_domain)
|
+ postfix_exec_master(user_mail_domain)
|
||||||
+ postfix_read_config(user_mail_domain)
|
+ postfix_read_config(user_mail_domain)
|
||||||
+ postfix_search_spool(user_mail_domain)
|
+ postfix_search_spool(user_mail_domain)
|
||||||
+ postfix_domtrans_user_mail_handler(user_mail_domain)
|
|
||||||
+ postfix_rw_master_pipes(user_mail_domain)
|
+ postfix_rw_master_pipes(user_mail_domain)
|
||||||
+
|
+
|
||||||
+ ifdef(`distro_redhat',`
|
+ ifdef(`distro_redhat',`
|
||||||
|
Loading…
Reference in New Issue
Block a user