trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate.
parent
a2f444884b
commit
6dd721a686
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(logrotate,1.5.0)
|
policy_module(logrotate,1.5.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -80,6 +80,7 @@ selinux_get_fs_mount(logrotate_t)
|
|||||||
selinux_get_enforce_mode(logrotate_t)
|
selinux_get_enforce_mode(logrotate_t)
|
||||||
|
|
||||||
auth_manage_login_records(logrotate_t)
|
auth_manage_login_records(logrotate_t)
|
||||||
|
auth_use_nsswitch(logrotate_t)
|
||||||
|
|
||||||
# Run helper programs.
|
# Run helper programs.
|
||||||
corecmd_exec_bin(logrotate_t)
|
corecmd_exec_bin(logrotate_t)
|
||||||
@ -114,8 +115,6 @@ miscfiles_read_localization(logrotate_t)
|
|||||||
|
|
||||||
seutil_dontaudit_read_config(logrotate_t)
|
seutil_dontaudit_read_config(logrotate_t)
|
||||||
|
|
||||||
sysnet_read_config(logrotate_t)
|
|
||||||
|
|
||||||
userdom_dontaudit_search_sysadm_home_dirs(logrotate_t)
|
userdom_dontaudit_search_sysadm_home_dirs(logrotate_t)
|
||||||
userdom_use_unpriv_users_fds(logrotate_t)
|
userdom_use_unpriv_users_fds(logrotate_t)
|
||||||
|
|
||||||
@ -176,14 +175,6 @@ optional_policy(`
|
|||||||
mysql_stream_connect(logrotate_t)
|
mysql_stream_connect(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind(logrotate_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(logrotate_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
slrnpull_manage_spool(logrotate_t)
|
slrnpull_manage_spool(logrotate_t)
|
||||||
')
|
')
|
||||||
|
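Review bot: The added `auth_use_nsswitch(logrotate_t)` after `auth_manage_login_records(logrotate_t)` carries no comment saying which lookup logrotate needs, while the same commit documents the identical call in the slocate module with `# getpwnam`. The lines it replaces (`sysnet_read_config`, and the optional `nis_use_ypbind` and `nscd_socket_use` blocks) were each narrow and self-explanatory. The single replacement presumably grants whatever name-service backends the interface enables, to a domain that also executes helper programs. I would add a line above the call such as `# name service lookups for owner/group names in logrotate.conf` (confirm the actual reason), and check that the wider grant is intended rather than just a tidy-up of the three removed calls.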
@ -1,22 +1,16 @@
|
|||||||
#
|
#
|
||||||
# /usr
|
# /usr
|
||||||
#
|
#
|
||||||
/usr/games/powermanga -- gen_context(system_u:object_r:games_exec_t,s0)
|
|
||||||
/usr/games/nethack-3.4.3/nethack -- gen_context(system_u:object_r:games_exec_t,s0)
|
|
||||||
/usr/games/vulturesclaw/vulturesclaw -- gen_context(system_u:object_r:games_exec_t,s0)
|
|
||||||
/usr/games/vultureseye/vultureseye -- gen_context(system_u:object_r:games_exec_t,s0)
|
|
||||||
|
|
||||||
/usr/lib/games(/.*)? gen_context(system_u:object_r:games_exec_t,s0)
|
/usr/lib/games(/.*)? gen_context(system_u:object_r:games_exec_t,s0)
|
||||||
|
/usr/games/.* -- gen_context(system_u:object_r:games_exec_t,s0)
|
||||||
|
|
||||||
#
|
#
|
||||||
# /var
|
# /var
|
||||||
#
|
#
|
||||||
/var/lib/games(/.*)? gen_context(system_u:object_r:games_data_t,s0)
|
/var/lib/games(/.*)? gen_context(system_u:object_r:games_data_t,s0)
|
||||||
|
|
||||||
ifdef(`distro_debian', `
|
|
||||||
/usr/games/.* -- gen_context(system_u:object_r:games_exec_t,s0)
|
|
||||||
/var/games(/.*)? gen_context(system_u:object_r:games_data_t,s0)
|
/var/games(/.*)? gen_context(system_u:object_r:games_data_t,s0)
|
||||||
', `
|
|
||||||
|
ifndef(`distro_debian',`
|
||||||
/usr/bin/micq -- gen_context(system_u:object_r:games_exec_t,s0)
|
/usr/bin/micq -- gen_context(system_u:object_r:games_exec_t,s0)
|
||||||
/usr/bin/blackjack -- gen_context(system_u:object_r:games_exec_t,s0)
|
/usr/bin/blackjack -- gen_context(system_u:object_r:games_exec_t,s0)
|
||||||
/usr/bin/gataxx -- gen_context(system_u:object_r:games_exec_t,s0)
|
/usr/bin/gataxx -- gen_context(system_u:object_r:games_exec_t,s0)
|
||||||
|
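Review bot: The now-unconditional `/usr/games/.* -- gen_context(system_u:object_r:games_exec_t,s0)` labels every regular file at any depth under /usr/games as games_exec_t, because `.*` also matches `/`. Before this change the pattern applied only under `distro_debian`. The entries it replaces named single binaries inside subdirectories (`/usr/games/nethack-3.4.3/nethack`, `/usr/games/vulturesclaw/vulturesclaw`), which suggests those directories also hold data files, and these would now carry the executable type. If only the binaries are meant, keep the per-directory entries and use a pattern limited to one path component, e.g. `/usr/games/[^/]+ --`. Otherwise add a comment above the line stating that everything under /usr/games is deliberately labelled games_exec_t.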
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(games,1.3.1)
|
policy_module(games,1.3.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(slocate,1.5.0)
|
policy_module(slocate,1.5.1)
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
#
|
#
|
||||||
@ -47,6 +47,9 @@ fs_getattr_all_fs(locate_t)
|
|||||||
fs_getattr_all_files(locate_t)
|
fs_getattr_all_files(locate_t)
|
||||||
fs_list_all(locate_t)
|
fs_list_all(locate_t)
|
||||||
|
|
||||||
|
# getpwnam
|
||||||
|
auth_use_nsswitch(locate_t)
|
||||||
|
|
||||||
libs_use_shared_libs(locate_t)
|
libs_use_shared_libs(locate_t)
|
||||||
libs_use_ld_so(locate_t)
|
libs_use_ld_so(locate_t)
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(amavis,1.3.0)
|
policy_module(amavis,1.3.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -171,6 +171,7 @@ optional_policy(`
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
pyzor_domtrans(amavis_t)
|
pyzor_domtrans(amavis_t)
|
||||||
|
pyzor_signal(amavis_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
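Review bot: `pyzor_signal(amavis_t)` is added inside the optional_policy block next to `pyzor_domtrans(amavis_t)`, but no pyzor interface file appears among the files changed on this page, so confirm the interface is already defined there. If it is missing, the failure would presumably show up only when the policy is built. By analogy with the `sendmail_signal` interface added in this same commit (`allow $1 sendmail_t:process signal;`), the call most likely lets amavis_t send generic signals to the pyzor domain. A short comment such as `# amavis signals the pyzor processes it starts` (adjust to the observed denial) would record why the permission is needed.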
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(radius,1.4.0)
|
policy_module(radius,1.4.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -99,6 +99,7 @@ libs_exec_lib_files(radiusd_t)
|
|||||||
logging_send_syslog_msg(radiusd_t)
|
logging_send_syslog_msg(radiusd_t)
|
||||||
|
|
||||||
miscfiles_read_localization(radiusd_t)
|
miscfiles_read_localization(radiusd_t)
|
||||||
|
miscfiles_read_certs(radiusd_t)
|
||||||
|
|
||||||
sysnet_read_config(radiusd_t)
|
sysnet_read_config(radiusd_t)
|
||||||
|
|
||||||
|
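Review bot: `miscfiles_read_certs(radiusd_t)` is added after `miscfiles_read_localization(radiusd_t)` without a comment on what radiusd reads from the shared certificate store. The interface name suggests read access to the system-wide certificate type rather than a radius-specific one. It is worth confirming that no key material unrelated to radiusd carries that label on the target distributions. A one-line comment such as `# TLS-based EAP methods read CA and server certificates` (adjust to the actual reason) would record the intent for later audits of this domain.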
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(rshd,1.3.0)
|
policy_module(rshd,1.3.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -67,7 +67,6 @@ sysnet_read_config(rshd_t)
|
|||||||
userdom_search_all_users_home_content(rshd_t)
|
userdom_search_all_users_home_content(rshd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
unconfined_domain(rshd_t)
|
|
||||||
unconfined_shell_domtrans(rshd_t)
|
unconfined_shell_domtrans(rshd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -39,6 +39,24 @@ interface(`sendmail_domtrans',`
|
|||||||
allow sendmail_t $1:process sigchld;
|
allow sendmail_t $1:process sigchld;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Send generic signals to sendmail.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`sendmail_signal',`
|
||||||
|
gen_require(`
|
||||||
|
type sendmail_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 sendmail_t:process signal;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read and write sendmail TCP sockets.
|
## Read and write sendmail TCP sockets.
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(sendmail,1.5.1)
|
policy_module(sendmail,1.5.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|