diff --git a/refpolicy/policy/modules/apps/slocate.if b/refpolicy/policy/modules/apps/slocate.if index 0f673c05..0e35a1e4 100644 --- a/refpolicy/policy/modules/apps/slocate.if +++ b/refpolicy/policy/modules/apps/slocate.if @@ -10,7 +10,7 @@ # interface(`slocate_create_append_log',` gen_require(` - type locate_var_log_t; + type locate_log_t; ') logging_search_logs($1) diff --git a/refpolicy/policy/modules/services/djbdns.if b/refpolicy/policy/modules/services/djbdns.if index 7f1bda39..50f601ee 100644 --- a/refpolicy/policy/modules/services/djbdns.if +++ b/refpolicy/policy/modules/services/djbdns.if @@ -26,7 +26,6 @@ template(`djbdns_daemontools_domain_template',` allow djbdns_$1_t self:capability { net_bind_service setgid setuid sys_chroot }; allow djbdns_$1_t self:tcp_socket create_stream_socket_perms; allow djbdns_$1_t self:udp_socket create_socket_perms; - allow djbdns_$1_t port_t:udp_socket name_bind; allow djbdns_$1_t djbdns_$1_conf_t:dir r_dir_perms; allow djbdns_$1_t djbdns_$1_conf_t:file r_file_perms; @@ -40,9 +39,9 @@ template(`djbdns_daemontools_domain_template',` corenet_non_ipsec_sendrecv(djbdns_$1_t) corenet_tcp_bind_all_nodes(djbdns_$1_t) corenet_udp_bind_all_nodes(djbdns_$1_t) - corenet_tcp_bind_dns_port(djbdns_$1_t) corenet_udp_bind_dns_port(djbdns_$1_t) + corenet_udp_bind_generic_port(djbdns_$1_t) files_search_var(djbdns_$1_t) diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te index ef67ac18..106df366 100644 --- a/refpolicy/policy/modules/services/mta.te +++ b/refpolicy/policy/modules/services/mta.te @@ -129,9 +129,9 @@ optional_policy(`logwatch',` logwatch_read_tmp_files(system_mail_t) ') -optional_policy(`sendmail',` - files_filetrans_etc(sendmail_t,etc_aliases_t, file) -') +#optional_policy(`sendmail',` +# files_filetrans_etc(sendmail_t,etc_aliases_t, file) +#') optional_policy(`postfix',` allow system_mail_t etc_aliases_t:dir create_dir_perms; diff --git a/refpolicy/policy/modules/system/unconfined.if b/refpolicy/policy/modules/system/unconfined.if index 57c3f6a1..45f5d7dc 100644 --- a/refpolicy/policy/modules/system/unconfined.if +++ b/refpolicy/policy/modules/system/unconfined.if @@ -37,8 +37,6 @@ template(`unconfined_domain_template',` fs_unconfined($1) selinux_unconfined($1) - libs_use_shared_libs($1) - tunable_policy(`allow_execmem',` # Allow making anonymous memory executable, e.g. # for runtime-code generation or executable stack. @@ -64,6 +62,10 @@ template(`unconfined_domain_template',` dbus_system_bus_unconfined($1) ') + optional_policy(`libraries',` + libs_use_shared_libs($1) + ') + optional_policy(`nscd',` nscd_unconfined($1) ')