patch from dan

This commit is contained in:
Chris PeBenito 2005-11-29 21:51:24 +00:00
parent 9fd4b818fc
commit 78510c55e8
9 changed files with 19 additions and 7 deletions

View File

@ -53,7 +53,6 @@ DISTRO = redhat
# run init scripts, instead of requring run_init.
# This is a build option, as role transitions do
# not work in conditional policy.
# This option will be impled as y for redhat policies.
DIRECT_INITRC=y
# Build monolithic policy. Putting n here

View File

@ -57,6 +57,7 @@ template(`su_restricted_domain_template', `
domain_use_wide_inherit_fd($1_su_t)
files_read_etc_files($1_su_t)
files_read_etc_runtime_files($1_su_t)
files_search_var_lib($1_su_t)
init_dontaudit_use_fd($1_su_t)

View File

@ -1,5 +1,5 @@
policy_module(su,1.0)
policy_module(su,1.0.1)
########################################
#

View File

@ -632,7 +632,7 @@ ifdef(`targeted_policy', `
allow initrc_t cupsd_t:dbus send_msg;
allow { cupsd_config_t cupsd_t } unconfined_t:dbus send_msg;
allow unconfined_t cupsd_config_t:dbus send_msg;
allow { cupsd_t cupsd_config_t } unconfined_t:fifo_file read;
allow { cupsd_t cupsd_config_t } unconfined_t:fifo_file r_file_perms;
term_use_generic_pty(cupsd_config_t)
')

View File

@ -1,5 +1,5 @@
policy_module(dovecot,1.0.1)
policy_module(dovecot,1.0.2)
########################################
#
@ -159,8 +159,10 @@ kernel_read_system_state(dovecot_auth_t)
dev_read_urand(dovecot_auth_t)
auth_domtrans_chk_passwd(dovecot_auth_t)
auth_use_nsswitch(dovecot_auth_t)
files_read_etc_files(dovecot_auth_t)
files_read_etc_runtime_files(dovecot_auth_t)
files_search_pids(dovecot_auth_t)
libs_use_ld_so(dovecot_auth_t)

View File

@ -1,4 +1,6 @@
/etc/privoxy/user\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
/usr/sbin/privoxy -- gen_context(system_u:object_r:privoxy_exec_t,s0)
/var/log/privoxy(/.*)? gen_context(system_u:object_r:privoxy_log_t,s0)

View File

@ -1,5 +1,5 @@
policy_module(privoxy,1.0)
policy_module(privoxy,1.0.1)
########################################
#
@ -10,6 +10,9 @@ type privoxy_t; # web_client_domain
type privoxy_exec_t;
init_daemon_domain(privoxy_t,privoxy_exec_t)
type privoxy_etc_rw_t;
files_type(privoxy_etc_rw_t)
type privoxy_log_t;
logging_log_file(privoxy_log_t)
@ -25,6 +28,8 @@ allow privoxy_t self:capability { setgid setuid };
dontaudit privoxy_t self:capability sys_tty_config;
allow privoxy_t self:tcp_socket create_stream_socket_perms;
allow privoxy_t privoxy_etc_rw_t:file rw_file_perms;
allow privoxy_t privoxy_log_t:file create_file_perms;
allow privoxy_t privoxy_log_t:dir rw_dir_perms;
logging_create_log(privoxy_t,privoxy_log_t)

View File

@ -1,5 +1,5 @@
policy_module(procmail,1.0.0)
policy_module(procmail,1.0.1)
########################################
#
@ -38,6 +38,7 @@ corenet_tcp_sendrecv_all_ports(procmail_t)
corenet_udp_sendrecv_all_ports(procmail_t)
corenet_tcp_bind_all_nodes(procmail_t)
corenet_udp_bind_all_nodes(procmail_t)
corenet_tcp_connect_spamd_port(procmail_t)
dev_read_urand(procmail_t)

View File

@ -1,5 +1,5 @@
policy_module(sasl,1.0)
policy_module(sasl,1.0.1)
########################################
#
@ -50,10 +50,12 @@ fs_search_auto_mountpoints(saslauthd_t)
term_dontaudit_use_console(saslauthd_t)
auth_domtrans_chk_passwd(saslauthd_t)
auth_use_nsswitch(saslauthd_t)
domain_use_wide_inherit_fd(saslauthd_t)
files_read_etc_files(saslauthd_t)
files_read_etc_runtime_files(saslauthd_t)
files_search_var_lib(saslauthd_t)
files_dontaudit_getattr_home_dir(saslauthd_t)