- Update to upstream
- Fix crontab use by unconfined user
This commit is contained in:
Daniel J Walsh
parent
cd8bee594b
commit
d7927ab643
@ -20593,7 +20593,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## </summary>
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.5/policy/modules/services/postfix.te
|
||||
--- nsaserefpolicy/policy/modules/services/postfix.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.5/policy/modules/services/postfix.te 2008-08-26 13:30:44.000000000 -0400
|
||||
+++ serefpolicy-3.5.5/policy/modules/services/postfix.te 2008-08-29 15:43:57.000000000 -0400
|
||||
@@ -6,6 +6,14 @@
|
||||
# Declarations
|
||||
#
|
||||
@ -20681,7 +20681,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
# allow access to deferred queue and allow removing bogus incoming entries
|
||||
manage_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
|
||||
manage_files_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
|
||||
@@ -181,12 +195,17 @@
|
||||
@@ -142,6 +156,7 @@
|
||||
|
||||
delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
|
||||
rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
|
||||
+setattr_dirs_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
|
||||
|
||||
kernel_read_all_sysctls(postfix_master_t)
|
||||
|
||||
@@ -181,12 +196,17 @@
|
||||
|
||||
mta_rw_aliases(postfix_master_t)
|
||||
mta_read_sendmail_bin(postfix_master_t)
|
||||
@ -20699,7 +20707,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
# for postalias
|
||||
mailman_manage_data_files(postfix_master_t)
|
||||
')
|
||||
@@ -255,6 +274,10 @@
|
||||
@@ -255,6 +275,10 @@
|
||||
|
||||
corecmd_exec_bin(postfix_cleanup_t)
|
||||
|
||||
@ -20710,7 +20718,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
########################################
|
||||
#
|
||||
# Postfix local local policy
|
||||
@@ -280,18 +303,25 @@
|
||||
@@ -280,18 +304,25 @@
|
||||
|
||||
files_read_etc_files(postfix_local_t)
|
||||
|
||||
@ -20736,7 +20744,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -302,8 +332,7 @@
|
||||
@@ -302,8 +333,7 @@
|
||||
#
|
||||
# Postfix map local policy
|
||||
#
|
||||
@ -20746,7 +20754,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow postfix_map_t self:unix_dgram_socket create_socket_perms;
|
||||
allow postfix_map_t self:tcp_socket create_stream_socket_perms;
|
||||
@@ -353,8 +382,6 @@
|
||||
@@ -353,8 +383,6 @@
|
||||
|
||||
miscfiles_read_localization(postfix_map_t)
|
||||
|
||||
@ -20755,7 +20763,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
tunable_policy(`read_default_t',`
|
||||
files_list_default(postfix_map_t)
|
||||
files_read_default_files(postfix_map_t)
|
||||
@@ -367,6 +394,11 @@
|
||||
@@ -367,6 +395,11 @@
|
||||
locallogin_dontaudit_use_fds(postfix_map_t)
|
||||
')
|
||||
|
||||
@ -20767,7 +20775,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
########################################
|
||||
#
|
||||
# Postfix pickup local policy
|
||||
@@ -391,6 +423,7 @@
|
||||
@@ -391,6 +424,7 @@
|
||||
#
|
||||
|
||||
allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
|
||||
@ -20775,7 +20783,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
|
||||
|
||||
@@ -398,6 +431,12 @@
|
||||
@@ -398,6 +432,12 @@
|
||||
|
||||
rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)
|
||||
|
||||
@ -20788,7 +20796,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
optional_policy(`
|
||||
procmail_domtrans(postfix_pipe_t)
|
||||
')
|
||||
@@ -407,6 +446,14 @@
|
||||
@@ -407,6 +447,14 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -20803,7 +20811,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
uucp_domtrans_uux(postfix_pipe_t)
|
||||
')
|
||||
|
||||
@@ -443,8 +490,7 @@
|
||||
@@ -443,8 +491,7 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -20813,7 +20821,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -470,6 +516,15 @@
|
||||
@@ -470,6 +517,15 @@
|
||||
init_sigchld_script(postfix_postqueue_t)
|
||||
init_use_script_fds(postfix_postqueue_t)
|
||||
|
||||
@ -20829,7 +20837,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
########################################
|
||||
#
|
||||
# Postfix qmgr local policy
|
||||
@@ -564,6 +619,10 @@
|
||||
@@ -564,6 +620,10 @@
|
||||
sasl_connect(postfix_smtpd_t)
|
||||
')
|
||||
|
||||
@ -20840,7 +20848,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
########################################
|
||||
#
|
||||
# Postfix virtual local policy
|
||||
@@ -579,7 +638,7 @@
|
||||
@@ -579,7 +639,7 @@
|
||||
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
|
||||
|
||||
# connect to master process
|
||||
@ -29787,6 +29795,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+optional_policy(`
|
||||
+ xserver_rw_xdm_home_files(daemon)
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.5.5/policy/modules/system/iscsi.te
|
||||
--- nsaserefpolicy/policy/modules/system/iscsi.te 2008-08-11 11:23:34.000000000 -0400
|
||||
+++ serefpolicy-3.5.5/policy/modules/system/iscsi.te 2008-08-29 15:34:11.000000000 -0400
|
||||
@@ -28,7 +28,7 @@
|
||||
# iscsid local policy
|
||||
#
|
||||
|
||||
-allow iscsid_t self:capability { dac_override ipc_lock net_admin sys_nice sys_resource };
|
||||
+allow iscsid_t self:capability { dac_override ipc_lock net_admin net_raw sys_nice sys_resource };
|
||||
allow iscsid_t self:process { setrlimit setsched signal };
|
||||
allow iscsid_t self:fifo_file { read write };
|
||||
allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.5/policy/modules/system/libraries.fc
|
||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400
|
||||
+++ serefpolicy-3.5.5/policy/modules/system/libraries.fc 2008-08-25 13:04:38.000000000 -0400
|
||||
|
||||
Loading…
Reference in New Issue
Block a user