rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Thu Mar 02 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-243

Browse Source 
-  Allow abrt_t to send mails.
This commit is contained in:
Lukas Vrabec 2017-03-02 10:12:44 +01:00
parent fbdb6e98da
commit b77d5e5e60
3 changed files with 23 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
container-selinux.tgz
View File

Binary file not shown.

34
policy-rawhide-contrib.patch
View File

@ -589,7 +589,7 @@ index 058d908..ee0c559 100644
+') +')
+ +
diff --git a/abrt.te b/abrt.te diff --git a/abrt.te b/abrt.te
index eb50f07..def23ab 100644 index eb50f07..47b757a 100644
--- a/abrt.te --- a/abrt.te
+++ b/abrt.te +++ b/abrt.te
@@ -6,11 +6,10 @@ policy_module(abrt, 1.4.1) @@ -6,11 +6,10 @@ policy_module(abrt, 1.4.1)
@ -838,11 +838,11 @@ index eb50f07..def23ab 100644
+logging_send_syslog_msg(abrt_t) +logging_send_syslog_msg(abrt_t)
+logging_stream_connect_syslog(abrt_t) +logging_stream_connect_syslog(abrt_t)
+logging_read_syslog_pid(abrt_t) +logging_read_syslog_pid(abrt_t)
+
+auth_use_nsswitch(abrt_t) +auth_use_nsswitch(abrt_t)
+ +
+init_read_utmp(abrt_t) +init_read_utmp(abrt_t)
+
+miscfiles_read_generic_certs(abrt_t) +miscfiles_read_generic_certs(abrt_t)
miscfiles_read_public_files(abrt_t) miscfiles_read_public_files(abrt_t)
+miscfiles_dontaudit_access_check_cert(abrt_t) +miscfiles_dontaudit_access_check_cert(abrt_t)
@ -870,7 +870,7 @@ index eb50f07..def23ab 100644
') ')
optional_policy(` optional_policy(`
@@ -222,6 +255,32 @@ optional_policy(` @@ -222,6 +255,36 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -886,6 +886,10 @@ index eb50f07..def23ab 100644
+') +')
+ +
+optional_policy(` +optional_policy(`
+ mta_send_mail(abrt_t)
+')
+
+optional_policy(`
+ mcelog_read_log(abrt_t) + mcelog_read_log(abrt_t)
+') +')
+ +
@ -903,7 +907,7 @@ index eb50f07..def23ab 100644
policykit_domtrans_auth(abrt_t) policykit_domtrans_auth(abrt_t)
policykit_read_lib(abrt_t) policykit_read_lib(abrt_t)
policykit_read_reload(abrt_t) policykit_read_reload(abrt_t)
@@ -234,15 +293,22 @@ optional_policy(` @@ -234,15 +297,22 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -926,7 +930,7 @@ index eb50f07..def23ab 100644
optional_policy(` optional_policy(`
sendmail_domtrans(abrt_t) sendmail_domtrans(abrt_t)
') ')
@@ -253,9 +319,21 @@ optional_policy(` @@ -253,9 +323,21 @@ optional_policy(`
sosreport_delete_tmp_files(abrt_t) sosreport_delete_tmp_files(abrt_t)
') ')
@ -949,7 +953,7 @@ index eb50f07..def23ab 100644
# #
allow abrt_handle_event_t self:fifo_file rw_fifo_file_perms; allow abrt_handle_event_t self:fifo_file rw_fifo_file_perms;
@@ -266,9 +344,13 @@ tunable_policy(`abrt_handle_event',` @@ -266,9 +348,13 @@ tunable_policy(`abrt_handle_event',`
can_exec(abrt_t, abrt_handle_event_exec_t) can_exec(abrt_t, abrt_handle_event_exec_t)
') ')
@ -964,7 +968,7 @@ index eb50f07..def23ab 100644
# #
allow abrt_helper_t self:capability { chown setgid sys_nice }; allow abrt_helper_t self:capability { chown setgid sys_nice };
@@ -281,6 +363,7 @@ manage_dirs_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t) @@ -281,6 +367,7 @@ manage_dirs_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
manage_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t) manage_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
manage_lnk_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t) manage_lnk_files_pattern(abrt_helper_t, abrt_var_cache_t, abrt_var_cache_t)
files_var_filetrans(abrt_helper_t, abrt_var_cache_t, { file dir }) files_var_filetrans(abrt_helper_t, abrt_var_cache_t, { file dir })
@ -972,7 +976,7 @@ index eb50f07..def23ab 100644
read_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t) read_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t)
read_lnk_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t) read_lnk_files_pattern(abrt_helper_t, abrt_var_run_t, abrt_var_run_t)
@@ -289,15 +372,20 @@ corecmd_read_all_executables(abrt_helper_t) @@ -289,15 +376,20 @@ corecmd_read_all_executables(abrt_helper_t)
domain_read_all_domains_state(abrt_helper_t) domain_read_all_domains_state(abrt_helper_t)
@ -993,7 +997,7 @@ index eb50f07..def23ab 100644
userdom_dontaudit_read_user_home_content_files(abrt_helper_t) userdom_dontaudit_read_user_home_content_files(abrt_helper_t)
userdom_dontaudit_read_user_tmp_files(abrt_helper_t) userdom_dontaudit_read_user_tmp_files(abrt_helper_t)
dev_dontaudit_read_all_blk_files(abrt_helper_t) dev_dontaudit_read_all_blk_files(abrt_helper_t)
@@ -305,11 +393,25 @@ ifdef(`hide_broken_symptoms',` @@ -305,11 +397,25 @@ ifdef(`hide_broken_symptoms',`
dev_dontaudit_write_all_chr_files(abrt_helper_t) dev_dontaudit_write_all_chr_files(abrt_helper_t)
dev_dontaudit_write_all_blk_files(abrt_helper_t) dev_dontaudit_write_all_blk_files(abrt_helper_t)
fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t) fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
@ -1020,7 +1024,7 @@ index eb50f07..def23ab 100644
# #
allow abrt_retrace_coredump_t self:fifo_file rw_fifo_file_perms; allow abrt_retrace_coredump_t self:fifo_file rw_fifo_file_perms;
@@ -327,10 +429,12 @@ corecmd_exec_shell(abrt_retrace_coredump_t) @@ -327,10 +433,12 @@ corecmd_exec_shell(abrt_retrace_coredump_t)
dev_read_urand(abrt_retrace_coredump_t) dev_read_urand(abrt_retrace_coredump_t)
@ -1034,7 +1038,7 @@ index eb50f07..def23ab 100644
optional_policy(` optional_policy(`
rpm_exec(abrt_retrace_coredump_t) rpm_exec(abrt_retrace_coredump_t)
rpm_dontaudit_manage_db(abrt_retrace_coredump_t) rpm_dontaudit_manage_db(abrt_retrace_coredump_t)
@@ -343,10 +447,11 @@ optional_policy(` @@ -343,10 +451,11 @@ optional_policy(`
####################################### #######################################
# #
@ -1048,7 +1052,7 @@ index eb50f07..def23ab 100644
allow abrt_retrace_worker_t self:fifo_file rw_fifo_file_perms; allow abrt_retrace_worker_t self:fifo_file rw_fifo_file_perms;
domtrans_pattern(abrt_retrace_worker_t, abrt_retrace_coredump_exec_t, abrt_retrace_coredump_t) domtrans_pattern(abrt_retrace_worker_t, abrt_retrace_coredump_exec_t, abrt_retrace_coredump_t)
@@ -365,38 +470,80 @@ corecmd_exec_shell(abrt_retrace_worker_t) @@ -365,38 +474,80 @@ corecmd_exec_shell(abrt_retrace_worker_t)
dev_read_urand(abrt_retrace_worker_t) dev_read_urand(abrt_retrace_worker_t)
@ -1133,7 +1137,7 @@ index eb50f07..def23ab 100644
####################################### #######################################
# #
@@ -404,25 +551,60 @@ logging_read_generic_logs(abrt_dump_oops_t) @@ -404,25 +555,60 @@ logging_read_generic_logs(abrt_dump_oops_t)
# #
allow abrt_watch_log_t self:fifo_file rw_fifo_file_perms; allow abrt_watch_log_t self:fifo_file rw_fifo_file_perms;
@ -1196,7 +1200,7 @@ index eb50f07..def23ab 100644
') ')
####################################### #######################################
@@ -430,10 +612,7 @@ tunable_policy(`abrt_upload_watch_anon_write',` @@ -430,10 +616,7 @@ tunable_policy(`abrt_upload_watch_anon_write',`
# Global local policy # Global local policy
# #

5
selinux-policy.spec
View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.13.1 Version: 3.13.1
Release: 242%{?dist} Release: 243%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -682,6 +682,9 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Mar 02 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-243
- Allow abrt_t to send mails.
* Mon Feb 27 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-242 * Mon Feb 27 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-242
- Add radius_use_jit boolean - Add radius_use_jit boolean
- Allow nfsd_t domain to create sysctls_rpc_t files - Allow nfsd_t domain to create sysctls_rpc_t files