trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate.

2007-08-27 17:57:36 +00:00 · 2007-08-27 17:57:36 +00:00 · 6dd721a686
commit 6dd721a686
parent a2f444884b
9 changed files with 34 additions and 27 deletions
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@ -1,5 +1,5 @@

-policy_module(logrotate,1.5.0)
+policy_module(logrotate,1.5.1)

 ########################################
 #
@ -80,6 +80,7 @@ selinux_get_fs_mount(logrotate_t)
 selinux_get_enforce_mode(logrotate_t)

 auth_manage_login_records(logrotate_t)
+auth_use_nsswitch(logrotate_t)

 # Run helper programs.
 corecmd_exec_bin(logrotate_t)
@ -114,8 +115,6 @@ miscfiles_read_localization(logrotate_t)

 seutil_dontaudit_read_config(logrotate_t)

-sysnet_read_config(logrotate_t)
-
 userdom_dontaudit_search_sysadm_home_dirs(logrotate_t)
 userdom_use_unpriv_users_fds(logrotate_t)

@ -176,14 +175,6 @@ optional_policy(`
 	mysql_stream_connect(logrotate_t)
 ')

-optional_policy(`
-	nis_use_ypbind(logrotate_t)
-')
-
-optional_policy(`
-	nscd_socket_use(logrotate_t)
-')
-
 optional_policy(`
 	slrnpull_manage_spool(logrotate_t)
 ')
--- a/policy/modules/apps/games.fc
+++ b/policy/modules/apps/games.fc
@ -1,22 +1,16 @@
 #
 # /usr
 #
-/usr/games/powermanga	--	gen_context(system_u:object_r:games_exec_t,s0)
-/usr/games/nethack-3.4.3/nethack -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/games/vulturesclaw/vulturesclaw -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/games/vultureseye/vultureseye -- gen_context(system_u:object_r:games_exec_t,s0)
-
 /usr/lib/games(/.*)? 		gen_context(system_u:object_r:games_exec_t,s0)
+/usr/games/.*		--	gen_context(system_u:object_r:games_exec_t,s0)

 #
 # /var
 #
 /var/lib/games(/.*)? 		gen_context(system_u:object_r:games_data_t,s0)
-
-ifdef(`distro_debian', `
-/usr/games/.*		--	gen_context(system_u:object_r:games_exec_t,s0)
 /var/games(/.*)?		gen_context(system_u:object_r:games_data_t,s0)
-', `
+
+ifndef(`distro_debian',`
 /usr/bin/micq		--	gen_context(system_u:object_r:games_exec_t,s0)
 /usr/bin/blackjack	--	gen_context(system_u:object_r:games_exec_t,s0)
 /usr/bin/gataxx		--	gen_context(system_u:object_r:games_exec_t,s0)
--- a/policy/modules/apps/games.te
+++ b/policy/modules/apps/games.te
@ -1,5 +1,5 @@

-policy_module(games,1.3.1)
+policy_module(games,1.3.2)

 ########################################
 #
--- a/policy/modules/apps/slocate.te
+++ b/policy/modules/apps/slocate.te
@ -1,5 +1,5 @@

-policy_module(slocate,1.5.0)
+policy_module(slocate,1.5.1)

 #################################
 #
@ -47,6 +47,9 @@ fs_getattr_all_fs(locate_t)
 fs_getattr_all_files(locate_t)
 fs_list_all(locate_t)

+# getpwnam
+auth_use_nsswitch(locate_t)
+
 libs_use_shared_libs(locate_t)
 libs_use_ld_so(locate_t)

--- a/policy/modules/services/amavis.te
+++ b/policy/modules/services/amavis.te
@ -1,5 +1,5 @@

-policy_module(amavis,1.3.0)
+policy_module(amavis,1.3.1)

 ########################################
 #
@ -171,6 +171,7 @@ optional_policy(`

 optional_policy(`
 	pyzor_domtrans(amavis_t)
+	pyzor_signal(amavis_t)
 ')

 optional_policy(`
--- a/policy/modules/services/radius.te
+++ b/policy/modules/services/radius.te
@ -1,5 +1,5 @@

-policy_module(radius,1.4.0)
+policy_module(radius,1.4.1)

 ########################################
 #
@ -99,6 +99,7 @@ libs_exec_lib_files(radiusd_t)
 logging_send_syslog_msg(radiusd_t)

 miscfiles_read_localization(radiusd_t)
+miscfiles_read_certs(radiusd_t)

 sysnet_read_config(radiusd_t)

--- a/policy/modules/services/rshd.te
+++ b/policy/modules/services/rshd.te
@ -1,5 +1,5 @@

-policy_module(rshd,1.3.0)
+policy_module(rshd,1.3.1)

 ########################################
 #
@ -67,7 +67,6 @@ sysnet_read_config(rshd_t)
 userdom_search_all_users_home_content(rshd_t)

 ifdef(`targeted_policy',`
-	unconfined_domain(rshd_t)
 	unconfined_shell_domtrans(rshd_t)
 ')

--- a/policy/modules/services/sendmail.if
+++ b/policy/modules/services/sendmail.if
@ -39,6 +39,24 @@ interface(`sendmail_domtrans',`
 	allow sendmail_t $1:process sigchld;
 ')

+########################################
+## <summary>
+##	Send generic signals to sendmail.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sendmail_signal',`
+	gen_require(`
+		type sendmail_t;
+	')
+
+	allow $1 sendmail_t:process signal;
+')
+
 ########################################
 ## <summary>
 ##	Read and write sendmail TCP sockets.
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@ -1,5 +1,5 @@

-policy_module(sendmail,1.5.1)
+policy_module(sendmail,1.5.2)

 ########################################
 #