trunk: Exim updates on Debian from Devin Carrawy.
parent
834401ff97
commit
d57a094347
@ -1,3 +1,4 @@
|
|||||||
|
- Exim updates on Debian from Devin Carrawy.
|
||||||
- Pam and samba updates from Stefan Schulze Frielinghaus.
|
- Pam and samba updates from Stefan Schulze Frielinghaus.
|
||||||
- Backup update on Debian from Vaclav Ovsik.
|
- Backup update on Debian from Vaclav Ovsik.
|
||||||
- Cracklib update on Debian from Vaclav Ovsik.
|
- Cracklib update on Debian from Vaclav Ovsik.
|
||||||
|
@ -1,4 +1,8 @@
|
|||||||
/usr/sbin/exim -- gen_context(system_u:object_r:exim_exec_t,s0)
|
/usr/sbin/exim[0-9]? -- gen_context(system_u:object_r:exim_exec_t,s0)
|
||||||
/var/log/exim(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
|
/var/log/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
|
||||||
/var/run/exim.pid -- gen_context(system_u:object_r:exim_var_run_t,s0)
|
/var/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0)
|
||||||
/var/spool/exim(/.*)? gen_context(system_u:object_r:exim_spool_t,s0)
|
/var/spool/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_spool_t,s0)
|
||||||
|
|
||||||
|
ifdef(`distro_debian',`
|
||||||
|
/var/run/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
|
||||||
|
')
|
||||||
|
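Review bot: The new `distro_debian` block labels a whole `/var/run/exim[0-9]?(/.*)?` tree as `exim_var_run_t` without a comment saying why a directory is needed on Debian only, while the pid-file entry above it is unconditional. A one-line comment above the entry, for example `# Debian packaging keeps the pid file in a per-version directory under /var/run`, would record the reason; that wording is inferred from the pattern and should be confirmed against the package layout. Note also that `[0-9]?` accepts any single digit suffix on all four rewritten paths, so the labels apply to more names than the one versioned name that presumably prompted the change.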
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(exim,1.0.0)
|
policy_module(exim,1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -42,7 +42,7 @@ files_pid_file(exim_var_run_t)
|
|||||||
# exim local policy
|
# exim local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
allow exim_t self:capability { dac_override dac_read_search setuid setgid };
|
allow exim_t self:capability { dac_override dac_read_search setuid setgid fowner chown };
|
||||||
allow exim_t self:fifo_file rw_fifo_file_perms;
|
allow exim_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow exim_t self:unix_stream_socket create_stream_socket_perms;
|
allow exim_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow exim_t self:tcp_socket create_stream_socket_perms;
|
allow exim_t self:tcp_socket create_stream_socket_perms;
|
||||||
@ -67,6 +67,8 @@ files_pid_filetrans(exim_t, exim_var_run_t, { file dir })
|
|||||||
|
|
||||||
kernel_read_kernel_sysctls(exim_t)
|
kernel_read_kernel_sysctls(exim_t)
|
||||||
|
|
||||||
|
kernel_dontaudit_read_system_state(exim_t)
|
||||||
|
|
||||||
corecmd_search_bin(exim_t)
|
corecmd_search_bin(exim_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(exim_t)
|
corenet_all_recvfrom_unlabeled(exim_t)
|
||||||
@ -77,8 +79,13 @@ corenet_tcp_bind_all_nodes(exim_t)
|
|||||||
corenet_tcp_bind_smtp_port(exim_t)
|
corenet_tcp_bind_smtp_port(exim_t)
|
||||||
corenet_tcp_bind_amavisd_send_port(exim_t)
|
corenet_tcp_bind_amavisd_send_port(exim_t)
|
||||||
corenet_tcp_connect_auth_port(exim_t)
|
corenet_tcp_connect_auth_port(exim_t)
|
||||||
|
corenet_tcp_connect_smtp_port(exim_t)
|
||||||
|
corenet_tcp_connect_ldap_port(exim_t)
|
||||||
corenet_tcp_connect_inetd_child_port(exim_t)
|
corenet_tcp_connect_inetd_child_port(exim_t)
|
||||||
|
|
||||||
|
dev_read_rand(exim_t)
|
||||||
|
dev_read_urand(exim_t)
|
||||||
|
|
||||||
# Init script handling
|
# Init script handling
|
||||||
domain_use_interactive_fds(exim_t)
|
domain_use_interactive_fds(exim_t)
|
||||||
|
|
||||||
|
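Review bot: The `allow exim_t self:capability` line in the `@ -42,7 +42,7 @` hunk adds `fowner` and `chown` for every distribution, although the commit is described as a Debian update and gives no reason for the two capabilities. Combined with the existing `dac_override`, they let a network-facing mail domain change ownership and bypass owner checks on any file whose type it is already allowed to set attributes on. The grant deserves a why-comment, and if only Debian's packaging needs it, it should be a separate `allow exim_t self:capability { fowner chown };` inside a `distro_debian` ifdef. The unconditional `corenet_tcp_connect_ldap_port(exim_t)` added in the `@ -77,8 +79,13 @` hunk raises the same least-privilege question and would sit better behind a tunable or optional block for sites that do not use LDAP lookups.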