- Add label for ~/.forward and /root/.forward
This commit is contained in:
Daniel J Walsh
parent
9da6c9c025
commit
c0158a8c68
@ -6775,7 +6775,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+permissive afs_t;
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.10/policy/modules/services/apache.fc
|
||||
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-11-11 16:13:46.000000000 -0500
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/apache.fc 2009-03-24 09:03:48.000000000 -0400
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/apache.fc 2009-03-27 14:54:58.000000000 -0400
|
||||
@@ -1,12 +1,13 @@
|
||||
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
|
||||
+HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
|
||||
@ -8172,7 +8172,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
optional_policy(`
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.6.10/policy/modules/services/bind.fc
|
||||
--- nsaserefpolicy/policy/modules/services/bind.fc 2009-01-05 15:39:43.000000000 -0500
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/bind.fc 2009-03-24 09:03:48.000000000 -0400
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/bind.fc 2009-03-27 15:09:58.000000000 -0400
|
||||
@@ -1,17 +1,22 @@
|
||||
/etc/rc\.d/init\.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
|
||||
+/etc/rc\.d/init\.d/unbound -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
|
||||
@ -8196,14 +8196,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
ifdef(`distro_debian',`
|
||||
/etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
|
||||
@@ -40,7 +45,6 @@
|
||||
@@ -40,8 +45,8 @@
|
||||
/var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/var/named/chroot(/.*)? gen_context(system_u:object_r:named_conf_t,s0)
|
||||
-/var/named/chroot/etc(/.*)? gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/var/named/chroot/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
|
||||
+/var/named/chroot/proc(/.*)? <<none>>
|
||||
/var/named/chroot/var/run/named.* gen_context(system_u:object_r:named_var_run_t,s0)
|
||||
/var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.10/policy/modules/services/bind.if
|
||||
--- nsaserefpolicy/policy/modules/services/bind.if 2008-11-11 16:13:46.000000000 -0500
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/bind.if 2009-03-24 09:03:48.000000000 -0400
|
||||
@ -13095,7 +13097,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.10/policy/modules/services/mta.fc
|
||||
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-09-12 10:48:05.000000000 -0400
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/mta.fc 2009-03-24 09:03:48.000000000 -0400
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/mta.fc 2009-03-27 15:09:24.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-/bin/mail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
|
||||
+/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
|
||||
@ -13116,7 +13118,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
/var/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
|
||||
|
||||
@@ -22,7 +25,3 @@
|
||||
@@ -22,7 +25,5 @@
|
||||
/var/spool/imap(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
|
||||
/var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
|
||||
/var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
|
||||
@ -13124,9 +13126,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
-#ifdef(`postfix.te', `', `
|
||||
-#/var/spool/postfix(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
|
||||
-#')
|
||||
+HOME_DIR/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0)
|
||||
+/root/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.10/policy/modules/services/mta.if
|
||||
--- nsaserefpolicy/policy/modules/services/mta.if 2009-01-19 11:06:49.000000000 -0500
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/mta.if 2009-03-27 09:50:44.000000000 -0400
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/mta.if 2009-03-27 14:46:53.000000000 -0400
|
||||
@@ -130,6 +130,15 @@
|
||||
sendmail_create_log($1_mail_t)
|
||||
')
|
||||
@ -13204,8 +13208,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.10/policy/modules/services/mta.te
|
||||
--- nsaserefpolicy/policy/modules/services/mta.te 2009-01-19 11:06:49.000000000 -0500
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/mta.te 2009-03-24 09:03:48.000000000 -0400
|
||||
@@ -47,34 +47,49 @@
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/mta.te 2009-03-27 15:46:19.000000000 -0400
|
||||
@@ -27,6 +27,9 @@
|
||||
type mail_spool_t;
|
||||
files_mountpoint(mail_spool_t)
|
||||
|
||||
+type mail_forward_t, mailcontent_type;
|
||||
+files_type(mail_forward_t)
|
||||
+
|
||||
type sendmail_exec_t;
|
||||
mta_agent_executable(sendmail_exec_t)
|
||||
|
||||
@@ -47,34 +50,49 @@
|
||||
#
|
||||
|
||||
# newalias required this, not sure if it is needed in 'if' file
|
||||
@ -13257,7 +13271,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -88,6 +103,13 @@
|
||||
@@ -88,6 +106,13 @@
|
||||
optional_policy(`
|
||||
cron_read_system_job_tmp_files(system_mail_t)
|
||||
cron_dontaudit_write_pipes(system_mail_t)
|
||||
@ -13271,7 +13285,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -95,16 +117,16 @@
|
||||
@@ -95,16 +120,16 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -13292,7 +13306,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -132,10 +154,6 @@
|
||||
@@ -132,10 +157,6 @@
|
||||
# compatability for old default main.cf
|
||||
postfix_config_filetrans(system_mail_t, etc_aliases_t, { dir file lnk_file sock_file fifo_file })
|
||||
')
|
||||
@ -13303,7 +13317,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -155,6 +173,19 @@
|
||||
@@ -155,6 +176,19 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -13323,11 +13337,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
smartmon_read_tmp_files(system_mail_t)
|
||||
')
|
||||
|
||||
@@ -174,6 +205,23 @@
|
||||
@@ -174,6 +208,25 @@
|
||||
')
|
||||
')
|
||||
|
||||
+read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)
|
||||
+userdom_search_admin_dir(mailserver_delivery)
|
||||
+read_files_pattern(mailserver_delivery, mail_forward_t, mail_forward_t)
|
||||
+
|
||||
+init_stream_connect_script(mailserver_delivery)
|
||||
+init_rw_script_stream_sockets(mailserver_delivery)
|
||||
@ -21222,12 +21238,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
optional_policy(`
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.10/policy/modules/services/virt.fc
|
||||
--- nsaserefpolicy/policy/modules/services/virt.fc 2009-01-05 15:39:43.000000000 -0500
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/virt.fc 2009-03-24 15:39:18.000000000 -0400
|
||||
@@ -8,5 +8,15 @@
|
||||
+++ serefpolicy-3.6.10/policy/modules/services/virt.fc 2009-03-27 15:22:38.000000000 -0400
|
||||
@@ -8,5 +8,16 @@
|
||||
|
||||
/var/lib/libvirt(/.*)? gen_context(system_u:object_r:virt_var_lib_t,s0)
|
||||
/var/lib/libvirt/images(/.*)? gen_context(system_u:object_r:virt_image_t,s0)
|
||||
+/var/lib/libvirt/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
|
||||
+/var/lib/libvirt/boot(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
|
||||
+
|
||||
/var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
|
||||
/var/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.6.10
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -444,6 +444,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Mar 27 2009 Dan Walsh <dwalsh@redhat.com> 3.6.10-4
|
||||
- Add label for ~/.forward and /root/.forward
|
||||
|
||||
* Thu Mar 26 2009 Dan Walsh <dwalsh@redhat.com> 3.6.10-3
|
||||
- Fixes for svirt
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user