- Fix exim policy
parent
1ffa684823
commit
492612d339
@ -5854,8 +5854,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.0.8/policy/modules/services/exim.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.0.8/policy/modules/services/exim.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/exim.fc 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/exim.fc 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.0.8/policy/modules/services/exim.fc 2007-09-29 08:32:19.000000000 -0400
|
+++ serefpolicy-3.0.8/policy/modules/services/exim.fc 2007-10-01 15:30:10.000000000 -0400
|
||||||
@@ -0,0 +1,17 @@
|
@@ -0,0 +1,16 @@
|
||||||
+# $Id$
|
+# $Id$
|
||||||
+# Draft SELinux refpolicy module for the Exim MTA
|
+# Draft SELinux refpolicy module for the Exim MTA
|
||||||
+#
|
+#
|
||||||
@ -5865,7 +5865,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
|
|||||||
+/var/run/exim4?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
|
+/var/run/exim4?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
|
||||||
+/var/log/exim4?(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
|
+/var/log/exim4?(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
|
||||||
+/usr/sbin/exim4? gen_context(system_u:object_r:exim_exec_t,s0)
|
+/usr/sbin/exim4? gen_context(system_u:object_r:exim_exec_t,s0)
|
||||||
+/usr/sbin/eximstats gen_context(system_u:object_r:exim_stats_exec_t, s0)
|
|
||||||
+ifdef(`distro_debian', `
|
+ifdef(`distro_debian', `
|
||||||
+/usr/sbin/update-exim4\.conf gen_context(system_u:object_r:exim_conf_update_exec_t,s0)
|
+/usr/sbin/update-exim4\.conf gen_context(system_u:object_r:exim_conf_update_exec_t,s0)
|
||||||
+# work around a misparse if the word template appears without adjustment
|
+# work around a misparse if the word template appears without adjustment
|
||||||
@ -8771,7 +8770,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.0.8/policy/modules/services/samba.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.0.8/policy/modules/services/samba.te
|
||||||
--- nsaserefpolicy/policy/modules/services/samba.te 2007-07-25 10:37:42.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/samba.te 2007-07-25 10:37:42.000000000 -0400
|
||||||
+++ serefpolicy-3.0.8/policy/modules/services/samba.te 2007-09-25 17:09:36.000000000 -0400
|
+++ serefpolicy-3.0.8/policy/modules/services/samba.te 2007-10-01 16:00:57.000000000 -0400
|
||||||
@@ -137,6 +137,11 @@
|
@@ -137,6 +137,11 @@
|
||||||
type winbind_var_run_t;
|
type winbind_var_run_t;
|
||||||
files_pid_file(winbind_var_run_t)
|
files_pid_file(winbind_var_run_t)
|
||||||
@ -9133,7 +9132,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -828,3 +837,36 @@
|
@@ -828,3 +837,37 @@
|
||||||
domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
|
domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
@ -9161,6 +9160,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
|
|||||||
+samba_read_winbind_pid(smbcontrol_t)
|
+samba_read_winbind_pid(smbcontrol_t)
|
||||||
+
|
+
|
||||||
+allow smbcontrol_t smbd_t:process signal;
|
+allow smbcontrol_t smbd_t:process signal;
|
||||||
|
+domain_use_interactive_fds(smbcontrol_t)
|
||||||
+allow smbd_t smbcontrol_t:process { signal signull };
|
+allow smbd_t smbcontrol_t:process { signal signull };
|
||||||
+
|
+
|
||||||
+allow nmbd_t smbcontrol_t:process signal;
|
+allow nmbd_t smbcontrol_t:process signal;
|
||||||
@ -10348,7 +10348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
|
||||||
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400
|
||||||
+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-09-26 09:40:50.000000000 -0400
|
+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-10-01 15:49:15.000000000 -0400
|
||||||
@@ -16,6 +16,13 @@
|
@@ -16,6 +16,13 @@
|
||||||
|
|
||||||
## <desc>
|
## <desc>
|
||||||
@ -10363,6 +10363,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||||||
## Allow xdm logins as sysadm
|
## Allow xdm logins as sysadm
|
||||||
## </p>
|
## </p>
|
||||||
## </desc>
|
## </desc>
|
||||||
|
@@ -96,7 +103,7 @@
|
||||||
|
#
|
||||||
|
|
||||||
|
allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
|
||||||
|
-allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate };
|
||||||
|
+allow xdm_t self:process { setexec setpgid getsched ptrace setsched setrlimit signal_perms setkeycreate };
|
||||||
|
allow xdm_t self:fifo_file rw_fifo_file_perms;
|
||||||
|
allow xdm_t self:shm create_shm_perms;
|
||||||
|
allow xdm_t self:sem create_sem_perms;
|
||||||
@@ -132,15 +139,20 @@
|
@@ -132,15 +139,20 @@
|
||||||
manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
|
manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
|
||||||
manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
|
manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
|
||||||
|
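Review bot: The added xserver.te hunk `@@ -96,7 +103,7 @@` puts `ptrace` into `allow xdm_t self:process { ... }`, which lets any xdm_t process trace and modify any other xdm_t process, yet neither the commit title nor the changelog entry ("Fix exim policy") mentions it. The display manager domain appears to sit on the login path (the same file carries the "Allow xdm logins as sysadm" tunable), so the grant should carry its reason; I would add a comment above the rule such as `# ptrace on self needed by <component>, see <bug reference>` naming the denial that prompted it. If the access was only seen as an AVC denial and xdm works without it, `dontaudit xdm_t self:process ptrace;` would quiet the log without granting the permission. The `domain_use_interactive_fds(smbcontrol_t)` line added in the samba.te hunk is likewise outside the stated scope of the commit and would benefit from a one-line changelog entry.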
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.0.8
|
Version: 3.0.8
|
||||||
Release: 15%{?dist}
|
Release: 16%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -365,6 +365,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Oct 1 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-16
|
||||||
|
- Fix exim policy
|
||||||
|
|
||||||
* Thu Sep 24 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-15
|
* Thu Sep 24 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-15
|
||||||
- Allow tmpreadper to read man_t
|
- Allow tmpreadper to read man_t
|
||||||
- Allow racoon to bind to all nodes
|
- Allow racoon to bind to all nodes
|
||||||
|