- Fix transition to nsplugin
parent
d86efe56b9
commit
a80e7ac6a3
@ -564,7 +564,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
files_read_etc_files(kismet_t)
|
files_read_etc_files(kismet_t)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.5.8/policy/modules/admin/logrotate.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.5.8/policy/modules/admin/logrotate.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2008-09-03 10:17:00.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2008-09-03 10:17:00.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/admin/logrotate.te 2008-09-17 08:49:08.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/admin/logrotate.te 2008-09-23 08:33:35.000000000 -0400
|
||||||
@@ -97,6 +97,7 @@
|
@@ -97,6 +97,7 @@
|
||||||
files_read_etc_files(logrotate_t)
|
files_read_etc_files(logrotate_t)
|
||||||
files_read_etc_runtime_files(logrotate_t)
|
files_read_etc_runtime_files(logrotate_t)
|
||||||
@ -573,6 +573,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
# Write to /var/spool/slrnpull - should be moved into its own type.
|
# Write to /var/spool/slrnpull - should be moved into its own type.
|
||||||
files_manage_generic_spool(logrotate_t)
|
files_manage_generic_spool(logrotate_t)
|
||||||
files_manage_generic_spool_dirs(logrotate_t)
|
files_manage_generic_spool_dirs(logrotate_t)
|
||||||
|
@@ -167,7 +168,7 @@
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
- mailman_exec(logrotate_t)
|
||||||
|
+ mailman_domtrans(logrotate_t)
|
||||||
|
mailman_search_data(logrotate_t)
|
||||||
|
mailman_manage_log(logrotate_t)
|
||||||
|
')
|
||||||
@@ -189,6 +190,5 @@
|
@@ -189,6 +190,5 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -615,7 +624,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.5.8/policy/modules/admin/mrtg.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.5.8/policy/modules/admin/mrtg.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/mrtg.te 2008-08-07 11:15:13.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/mrtg.te 2008-08-07 11:15:13.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/admin/mrtg.te 2008-09-17 08:49:08.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/admin/mrtg.te 2008-09-23 10:04:14.000000000 -0400
|
||||||
@@ -78,6 +78,7 @@
|
@@ -78,6 +78,7 @@
|
||||||
dev_read_urand(mrtg_t)
|
dev_read_urand(mrtg_t)
|
||||||
|
|
||||||
@ -624,7 +633,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
files_read_usr_files(mrtg_t)
|
files_read_usr_files(mrtg_t)
|
||||||
files_search_var(mrtg_t)
|
files_search_var(mrtg_t)
|
||||||
@@ -101,6 +102,8 @@
|
@@ -92,6 +93,7 @@
|
||||||
|
|
||||||
|
fs_search_auto_mountpoints(mrtg_t)
|
||||||
|
fs_getattr_xattr_fs(mrtg_t)
|
||||||
|
+fs_list_inotifyfs(mrtg_t)
|
||||||
|
|
||||||
|
term_dontaudit_use_console(mrtg_t)
|
||||||
|
|
||||||
|
@@ -101,6 +103,8 @@
|
||||||
init_read_utmp(mrtg_t)
|
init_read_utmp(mrtg_t)
|
||||||
init_dontaudit_write_utmp(mrtg_t)
|
init_dontaudit_write_utmp(mrtg_t)
|
||||||
|
|
||||||
@ -633,7 +650,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
libs_read_lib_files(mrtg_t)
|
libs_read_lib_files(mrtg_t)
|
||||||
libs_use_ld_so(mrtg_t)
|
libs_use_ld_so(mrtg_t)
|
||||||
libs_use_shared_libs(mrtg_t)
|
libs_use_shared_libs(mrtg_t)
|
||||||
@@ -111,12 +114,10 @@
|
@@ -111,12 +115,10 @@
|
||||||
|
|
||||||
selinux_dontaudit_getattr_dir(mrtg_t)
|
selinux_dontaudit_getattr_dir(mrtg_t)
|
||||||
|
|
||||||
@ -647,7 +664,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
ifdef(`enable_mls',`
|
ifdef(`enable_mls',`
|
||||||
corenet_udp_sendrecv_lo_if(mrtg_t)
|
corenet_udp_sendrecv_lo_if(mrtg_t)
|
||||||
@@ -140,14 +141,6 @@
|
@@ -140,14 +142,6 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -662,7 +679,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
seutil_sigchld_newrole(mrtg_t)
|
seutil_sigchld_newrole(mrtg_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -162,10 +155,3 @@
|
@@ -162,10 +156,3 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
udev_read_db(mrtg_t)
|
udev_read_db(mrtg_t)
|
||||||
')
|
')
|
||||||
@ -5119,7 +5136,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.5.8/policy/modules/apps/podsleuth.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.5.8/policy/modules/apps/podsleuth.te
|
||||||
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2008-08-07 11:15:03.000000000 -0400
|
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2008-08-07 11:15:03.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/apps/podsleuth.te 2008-09-17 08:49:08.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/apps/podsleuth.te 2008-09-22 16:03:15.000000000 -0400
|
||||||
@@ -11,24 +11,55 @@
|
@@ -11,24 +11,55 @@
|
||||||
application_domain(podsleuth_t, podsleuth_exec_t)
|
application_domain(podsleuth_t, podsleuth_exec_t)
|
||||||
role system_r types podsleuth_t;
|
role system_r types podsleuth_t;
|
||||||
@ -5136,7 +5153,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
#
|
#
|
||||||
-
|
-
|
||||||
-allow podsleuth_t self:process { signal getsched execheap execmem };
|
-allow podsleuth_t self:process { signal getsched execheap execmem };
|
||||||
+allow podsleuth_t self:capability sys_admin;
|
+allow podsleuth_t self:capability { sys_admin sys_rawio };
|
||||||
+allow podsleuth_t self:process { ptrace signal getsched execheap execmem };
|
+allow podsleuth_t self:process { ptrace signal getsched execheap execmem };
|
||||||
allow podsleuth_t self:fifo_file rw_file_perms;
|
allow podsleuth_t self:fifo_file rw_file_perms;
|
||||||
allow podsleuth_t self:unix_stream_socket create_stream_socket_perms;
|
allow podsleuth_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
@ -18214,7 +18231,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
|
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.5.8/policy/modules/services/mailman.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.5.8/policy/modules/services/mailman.if
|
||||||
--- nsaserefpolicy/policy/modules/services/mailman.if 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/mailman.if 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/services/mailman.if 2008-09-19 10:41:48.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/services/mailman.if 2008-09-23 08:33:22.000000000 -0400
|
||||||
@@ -31,6 +31,12 @@
|
@@ -31,6 +31,12 @@
|
||||||
allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
|
allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow mailman_$1_t self:udp_socket create_socket_perms;
|
allow mailman_$1_t self:udp_socket create_socket_perms;
|
||||||
@ -21197,7 +21214,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.8/policy/modules/services/postfix.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.8/policy/modules/services/postfix.te
|
||||||
--- nsaserefpolicy/policy/modules/services/postfix.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/postfix.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/services/postfix.te 2008-09-17 08:49:08.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/services/postfix.te 2008-09-23 09:58:09.000000000 -0400
|
||||||
@@ -6,6 +6,14 @@
|
@@ -6,6 +6,14 @@
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
@ -21311,7 +21328,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
# for postalias
|
# for postalias
|
||||||
mailman_manage_data_files(postfix_master_t)
|
mailman_manage_data_files(postfix_master_t)
|
||||||
')
|
')
|
||||||
@@ -255,6 +275,10 @@
|
@@ -196,6 +216,10 @@
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
+ postgrey_search_spool(postfix_master_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
sendmail_signal(postfix_master_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
@@ -255,6 +279,10 @@
|
||||||
|
|
||||||
corecmd_exec_bin(postfix_cleanup_t)
|
corecmd_exec_bin(postfix_cleanup_t)
|
||||||
|
|
||||||
@ -21322,7 +21350,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Postfix local local policy
|
# Postfix local local policy
|
||||||
@@ -280,18 +304,25 @@
|
@@ -280,18 +308,25 @@
|
||||||
|
|
||||||
files_read_etc_files(postfix_local_t)
|
files_read_etc_files(postfix_local_t)
|
||||||
|
|
||||||
@ -21348,7 +21376,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -302,8 +333,7 @@
|
@@ -302,8 +337,7 @@
|
||||||
#
|
#
|
||||||
# Postfix map local policy
|
# Postfix map local policy
|
||||||
#
|
#
|
||||||
@ -21358,7 +21386,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
|
allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow postfix_map_t self:unix_dgram_socket create_socket_perms;
|
allow postfix_map_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow postfix_map_t self:tcp_socket create_stream_socket_perms;
|
allow postfix_map_t self:tcp_socket create_stream_socket_perms;
|
||||||
@@ -353,8 +383,6 @@
|
@@ -353,8 +387,6 @@
|
||||||
|
|
||||||
miscfiles_read_localization(postfix_map_t)
|
miscfiles_read_localization(postfix_map_t)
|
||||||
|
|
||||||
@ -21367,7 +21395,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
tunable_policy(`read_default_t',`
|
tunable_policy(`read_default_t',`
|
||||||
files_list_default(postfix_map_t)
|
files_list_default(postfix_map_t)
|
||||||
files_read_default_files(postfix_map_t)
|
files_read_default_files(postfix_map_t)
|
||||||
@@ -367,6 +395,11 @@
|
@@ -367,6 +399,11 @@
|
||||||
locallogin_dontaudit_use_fds(postfix_map_t)
|
locallogin_dontaudit_use_fds(postfix_map_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -21379,7 +21407,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Postfix pickup local policy
|
# Postfix pickup local policy
|
||||||
@@ -391,6 +424,7 @@
|
@@ -391,6 +428,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
|
allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
|
||||||
@ -21387,7 +21415,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
|
write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
|
||||||
|
|
||||||
@@ -398,6 +432,12 @@
|
@@ -398,6 +436,12 @@
|
||||||
|
|
||||||
rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)
|
rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)
|
||||||
|
|
||||||
@ -21400,7 +21428,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
procmail_domtrans(postfix_pipe_t)
|
procmail_domtrans(postfix_pipe_t)
|
||||||
')
|
')
|
||||||
@@ -407,6 +447,14 @@
|
@@ -407,6 +451,14 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -21415,7 +21443,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
uucp_domtrans_uux(postfix_pipe_t)
|
uucp_domtrans_uux(postfix_pipe_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -443,8 +491,11 @@
|
@@ -443,8 +495,11 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -21429,7 +21457,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
@@ -470,6 +521,15 @@
|
@@ -470,6 +525,15 @@
|
||||||
init_sigchld_script(postfix_postqueue_t)
|
init_sigchld_script(postfix_postqueue_t)
|
||||||
init_use_script_fds(postfix_postqueue_t)
|
init_use_script_fds(postfix_postqueue_t)
|
||||||
|
|
||||||
@ -21445,7 +21473,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Postfix qmgr local policy
|
# Postfix qmgr local policy
|
||||||
@@ -553,6 +613,10 @@
|
@@ -553,6 +617,10 @@
|
||||||
mta_read_aliases(postfix_smtpd_t)
|
mta_read_aliases(postfix_smtpd_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -21456,7 +21484,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
mailman_read_data_files(postfix_smtpd_t)
|
mailman_read_data_files(postfix_smtpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -579,7 +643,7 @@
|
@@ -579,7 +647,7 @@
|
||||||
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
|
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
|
||||||
|
|
||||||
# connect to master process
|
# connect to master process
|
||||||
@ -21710,8 +21738,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0)
|
+/var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.5.8/policy/modules/services/postgrey.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.5.8/policy/modules/services/postgrey.if
|
||||||
--- nsaserefpolicy/policy/modules/services/postgrey.if 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/postgrey.if 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/services/postgrey.if 2008-09-19 10:23:31.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/services/postgrey.if 2008-09-23 09:13:18.000000000 -0400
|
||||||
@@ -12,10 +12,80 @@
|
@@ -12,10 +12,98 @@
|
||||||
#
|
#
|
||||||
interface(`postgrey_stream_connect',`
|
interface(`postgrey_stream_connect',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -21728,6 +21756,24 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+## <summary>
|
+## <summary>
|
||||||
|
+## Search the spool directory
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`postgrey_search_spool',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type postgrey_spool_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ allow $1 postgrey_spool_t:dir search_dir_perms;
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
+## Execute postgrey server in the postgrey domain.
|
+## Execute postgrey server in the postgrey domain.
|
||||||
+## </summary>
|
+## </summary>
|
||||||
+## <param name="domain">
|
+## <param name="domain">
|
||||||
@ -21796,7 +21842,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.te serefpolicy-3.5.8/policy/modules/services/postgrey.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.te serefpolicy-3.5.8/policy/modules/services/postgrey.te
|
||||||
--- nsaserefpolicy/policy/modules/services/postgrey.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/postgrey.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/services/postgrey.te 2008-09-17 08:49:08.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/services/postgrey.te 2008-09-23 09:17:06.000000000 -0400
|
||||||
@@ -13,26 +13,38 @@
|
@@ -13,26 +13,38 @@
|
||||||
type postgrey_etc_t;
|
type postgrey_etc_t;
|
||||||
files_config_file(postgrey_etc_t)
|
files_config_file(postgrey_etc_t)
|
||||||
@ -30951,7 +30997,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.5.8/policy/modules/system/logging.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.5.8/policy/modules/system/logging.te
|
||||||
--- nsaserefpolicy/policy/modules/system/logging.te 2008-09-03 10:17:00.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/logging.te 2008-09-03 10:17:00.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/system/logging.te 2008-09-17 08:49:09.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/system/logging.te 2008-09-23 08:51:04.000000000 -0400
|
||||||
@@ -72,6 +72,12 @@
|
@@ -72,6 +72,12 @@
|
||||||
logging_log_file(var_log_t)
|
logging_log_file(var_log_t)
|
||||||
files_mountpoint(var_log_t)
|
files_mountpoint(var_log_t)
|
||||||
@ -30992,7 +31038,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
# Needs to be able to run dispatcher. see /etc/audit/auditd.conf
|
# Needs to be able to run dispatcher. see /etc/audit/auditd.conf
|
||||||
# Probably want a transition, and a new auditd_helper app
|
# Probably want a transition, and a new auditd_helper app
|
||||||
corecmd_exec_bin(auditd_t)
|
corecmd_exec_bin(auditd_t)
|
||||||
@@ -241,6 +257,7 @@
|
@@ -230,6 +246,8 @@
|
||||||
|
|
||||||
|
miscfiles_read_localization(audisp_t)
|
||||||
|
|
||||||
|
+sysnet_dns_name_resolve(audisp_t)
|
||||||
|
+
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Audit remote logger local policy
|
||||||
|
@@ -241,6 +259,7 @@
|
||||||
corenet_all_recvfrom_netlabel(audisp_remote_t)
|
corenet_all_recvfrom_netlabel(audisp_remote_t)
|
||||||
corenet_tcp_sendrecv_all_if(audisp_remote_t)
|
corenet_tcp_sendrecv_all_if(audisp_remote_t)
|
||||||
corenet_tcp_sendrecv_all_nodes(audisp_remote_t)
|
corenet_tcp_sendrecv_all_nodes(audisp_remote_t)
|
||||||
|
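Review bot: In the podsleuth.te hunk the new side widens `allow podsleuth_t self:capability sys_admin;` to `{ sys_admin sys_rawio }` without a comment saying which access needs raw I/O, and the commit title mentions only the nsplugin transition. The same domain already holds `ptrace`, `execheap` and `execmem` on `self:process`, so anything that gains control of podsleuth_t inherits a very broad privilege set; each grant deserves a recorded justification. I would add a line above the rule such as `# sys_rawio: needed for <operation seen in the AVC denial> (placeholder, fill in from the audit log)` and check whether a narrower device interface would cover the access instead. The hunk shows only part of the podsleuth.te local policy, so rules outside it may already explain the need.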
@ -130,6 +130,7 @@ echo -n > %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \
|
|||||||
%dir %{_sysconfdir}/selinux/%1/contexts/users \
|
%dir %{_sysconfdir}/selinux/%1/contexts/users \
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \
|
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \
|
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \
|
||||||
|
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u \
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \
|
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u
|
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u
|
||||||
|
|
||||||
@ -317,7 +318,6 @@ exit 0
|
|||||||
|
|
||||||
%files targeted
|
%files targeted
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u
|
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/xguest_u
|
|
||||||
%fileList targeted
|
%fileList targeted
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|