[selinux-policy: 1742/3172] trunk: snmp tweak from dan
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:35:32 UTC 2010
commit a39a9313625234be662cde5e454ab65ae12011f0
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue May 15 18:06:31 2007 +0000
trunk: snmp tweak from dan
policy/modules/services/mta.if | 19 +++++++++++++++++++
policy/modules/services/mta.te | 2 +-
policy/modules/services/sendmail.if | 22 +++++++++++++++++++++-
policy/modules/services/sendmail.te | 2 +-
policy/modules/services/snmp.te | 15 ++++++++-------
5 files changed, 50 insertions(+), 10 deletions(-)
---
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index c527eee..5fc01ef 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -807,6 +807,25 @@ interface(`mta_manage_spool',`
manage_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
')
+########################################
+## <summary>
+## Search mail queue dirs.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mta_search_queue',`
+ gen_require(`
+ type mqueue_spool_t;
+ ')
+
+ files_search_spool($1)
+ allow $1 mqueue_spool_t:dir search_dir_perms;
+')
+
#######################################
## <summary>
## Do not audit attempts to read and
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
index 2f4d54c..23254a3 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -1,5 +1,5 @@
-policy_module(mta,1.6.0)
+policy_module(mta,1.6.1)
########################################
#
diff --git a/policy/modules/services/sendmail.if b/policy/modules/services/sendmail.if
index 7c70d80..300fd37 100644
--- a/policy/modules/services/sendmail.if
+++ b/policy/modules/services/sendmail.if
@@ -76,6 +76,26 @@ interface(`sendmail_rw_unix_stream_sockets',`
########################################
## <summary>
+## Read sendmail logs.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`sendmail_read_log',`
+ gen_require(`
+ type sendmail_log_t;
+ ')
+
+ logging_search_logs($1)
+ read_files_pattern($1, sendmail_log_t, sendmail_log_t)
+')
+
+########################################
+## <summary>
## Create, read, write, and delete sendmail logs.
## </summary>
## <param name="domain">
@@ -91,7 +111,7 @@ interface(`sendmail_manage_log',`
')
logging_search_logs($1)
- allow $1 sendmail_log_t:file manage_file_perms;
+ manage_files_pattern($1, sendmail_log_t, sendmail_log_t)
')
########################################
diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te
index 20be6ae..67257c9 100644
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@@ -1,5 +1,5 @@
-policy_module(sendmail,1.4.0)
+policy_module(sendmail,1.4.1)
########################################
#
diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te
index 8cc09c5..40ebbd7 100644
--- a/policy/modules/services/snmp.te
+++ b/policy/modules/services/snmp.te
@@ -1,5 +1,5 @@
-policy_module(snmp,1.4.1)
+policy_module(snmp,1.4.2)
########################################
#
@@ -26,7 +26,7 @@ files_type(snmpd_var_lib_t)
# Local policy
#
allow snmpd_t self:capability { dac_override kill net_admin sys_nice sys_tty_config };
-dontaudit snmpd_t self:capability sys_tty_config;
+dontaudit snmpd_t self:capability { sys_module sys_tty_config };
allow snmpd_t self:fifo_file rw_fifo_file_perms;
allow snmpd_t self:unix_dgram_socket create_socket_perms;
allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
@@ -130,23 +130,24 @@ optional_policy(`
')
optional_policy(`
- cups_read_rw_config(snmpd_t)
+ auth_use_nsswitch(snmpd_t)
')
optional_policy(`
- mta_read_config(snmpd_t)
+ cups_read_rw_config(snmpd_t)
')
optional_policy(`
- nis_use_ypbind(snmpd_t)
+ mta_read_config(snmpd_t)
+ mta_search_queue(snmpd_t)
')
optional_policy(`
- nscd_socket_use(snmpd_t)
+ rpc_search_nfs_state_data(snmpd_t)
')
optional_policy(`
- rpc_search_nfs_state_data(snmpd_t)
+ sendmail_read_log(snmpd_t)
')
optional_policy(`
More information about the scm-commits
mailing list