[selinux-policy: 727/3172] partial mailman merge
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:07:42 UTC 2010
commit 9d3e339e8245f27b4d496ac6a8550ccf4ad74450
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Oct 7 19:35:36 2005 +0000
partial mailman merge
refpolicy/policy/modules/services/mta.if | 16 +++++++++++++++
refpolicy/policy/modules/system/files.if | 31 +++++++++++++++++++++++++----
2 files changed, 42 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index ccd249d..1bc0177 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -281,6 +281,22 @@ interface(`mta_send_mail',`
')
#######################################
+## <summary>
+## Connect to all mail servers over TCP.
+## </summary>
+## <param name="domain">
+## Mail server domain.
+## </param>
+#
+interface(`mta_tcp_connect_all_mailservers',`
+ gen_require(`
+ attribute mailserver_domain;
+ ')
+
+ allow $1 mailserver_domain:tcp_socket { connectto recvfrom };
+')
+
+#######################################
#
# mta_exec(domain)
#
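Review bot: The `<param name="domain">` description for `mta_tcp_connect_all_mailservers` reads "Mail server domain.", but `$1` is the source of `allow $1 mailserver_domain:tcp_socket { connectto recvfrom };`, so it is the domain being allowed to connect, not the mail server. A caller who follows the doc could pass the wrong domain and grant socket access to an unintended subject. I would change the description to `## Domain allowed access.`, the wording `files_rw_locks_dir` uses in this same commit. The summary could also say that the grant covers every type carrying the `mailserver_domain` attribute, so callers can see how broad it is.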
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index d365295..87a1c41 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -2429,13 +2429,30 @@ interface(`files_search_locks',`
interface(`files_dontaudit_search_locks',`
gen_require(`
type var_lock_t;
- class dir search;
')
dontaudit $1 var_lock_t:dir search;
')
########################################
+## <summary>
+## Add and remove entries in the /var/lock
+## directories.
+## </summary>
+## <param name="domain">
+## Domain allowed access.
+## </param>
+#
+interface(`files_rw_locks_dir',`
+ gen_require(`
+ type var_t, var_lock_t;
+ ')
+
+ allow $1 var_t:dir search;
+ allow $1 var_lock_t:dir rw_dir_perms;
+')
+
+########################################
#
# files_getattr_generic_locks(domain)
#
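Review bot: The summary of `files_rw_locks_dir` mentions only the /var/lock access, while the body also grants `allow $1 var_t:dir search;`. Someone reviewing a caller for least privilege should see the full grant in the doc, so I would extend the summary to something like `## Search var_t directories and add and remove entries in the /var/lock directories.` The permission set behind `rw_dir_perms` is defined outside this hunk, so the "add and remove entries" wording should be checked against that definition.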
@@ -2535,16 +2552,20 @@ interface(`files_search_pids',`
')
########################################
-#
-# files_dontaudit_search_pids(domain)
+## <summary>
+## Do not audit attempts to search
+## the /var/run directory.
+## </summary>
+## <param name="domain">
+## Domain to not audit.
+## </param>
#
interface(`files_dontaudit_search_pids',`
gen_require(`
type var_run_t;
- class dir search;
')
- allow $1 var_run_t:dir search;
+ dontaudit $1 var_run_t:dir search;
')
########################################
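Review bot: Existing callers of `files_dontaudit_search_pids` that relied on the old `allow $1 var_run_t:dir search;` lose that access with this change, and because the replacement is a `dontaudit` rule the resulting denials will not be logged. The callers are not visible in this diff. Each one should be checked and switched to `files_search_pids` (named in the hunk header) where search access is really needed. A comment above the interface such as `# Callers needing access must use files_search_pids().` would make the distinction explicit.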