[selinux-policy: 1742/3172] trunk: snmp tweak from dan

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:35:32 UTC 2010


commit a39a9313625234be662cde5e454ab65ae12011f0
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue May 15 18:06:31 2007 +0000

    trunk: snmp tweak from dan

 policy/modules/services/mta.if      |   19 +++++++++++++++++++
 policy/modules/services/mta.te      |    2 +-
 policy/modules/services/sendmail.if |   22 +++++++++++++++++++++-
 policy/modules/services/sendmail.te |    2 +-
 policy/modules/services/snmp.te     |   15 ++++++++-------
 5 files changed, 50 insertions(+), 10 deletions(-)
---
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index c527eee..5fc01ef 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -807,6 +807,25 @@ interface(`mta_manage_spool',`
 	manage_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
 ')
 
+########################################
+## <summary>
+##	Search mail queue dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`mta_search_queue',`
+	gen_require(`
+		type mqueue_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 mqueue_spool_t:dir search_dir_perms;
+')
+
 #######################################
 ## <summary>
 ##	Do not audit attempts to read and
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
index 2f4d54c..23254a3 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -1,5 +1,5 @@
 
-policy_module(mta,1.6.0)
+policy_module(mta,1.6.1)
 
 ########################################
 #
diff --git a/policy/modules/services/sendmail.if b/policy/modules/services/sendmail.if
index 7c70d80..300fd37 100644
--- a/policy/modules/services/sendmail.if
+++ b/policy/modules/services/sendmail.if
@@ -76,6 +76,26 @@ interface(`sendmail_rw_unix_stream_sockets',`
 
 ########################################
 ## <summary>
+##	Read sendmail logs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`sendmail_read_log',`
+	gen_require(`
+		type sendmail_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, sendmail_log_t, sendmail_log_t)
+')
+
+########################################
+## <summary>
 ##	Create, read, write, and delete sendmail logs.
 ## </summary>
 ## <param name="domain">
@@ -91,7 +111,7 @@ interface(`sendmail_manage_log',`
 	')
 
 	logging_search_logs($1)
-	allow $1 sendmail_log_t:file manage_file_perms;
+	manage_files_pattern($1, sendmail_log_t, sendmail_log_t)
 ')
 
 ########################################
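Review bot: Switching `sendmail_manage_log` to `manage_files_pattern($1, sendmail_log_t, sendmail_log_t)` widens the interface for every existing caller, not only snmpd. As defined in refpolicy's file patterns, the macro also grants `rw_dir_perms` on directories labelled `sendmail_log_t`, where the old `allow` rule granted file permissions only. That matches the interface summary ("Create, read, write, and delete"), but the commit title mentions only snmp, so the widening deserves its own line in the commit message and a check of the interface's callers. The interface body starts above this hunk.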
diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te
index 20be6ae..67257c9 100644
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@@ -1,5 +1,5 @@
 
-policy_module(sendmail,1.4.0)
+policy_module(sendmail,1.4.1)
 
 ########################################
 #
diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te
index 8cc09c5..40ebbd7 100644
--- a/policy/modules/services/snmp.te
+++ b/policy/modules/services/snmp.te
@@ -1,5 +1,5 @@
 
-policy_module(snmp,1.4.1)
+policy_module(snmp,1.4.2)
 
 ########################################
 #
@@ -26,7 +26,7 @@ files_type(snmpd_var_lib_t)
 # Local policy
 #
 allow snmpd_t self:capability { dac_override kill net_admin sys_nice sys_tty_config };
-dontaudit snmpd_t self:capability sys_tty_config;
+dontaudit snmpd_t self:capability { sys_module sys_tty_config };
 allow snmpd_t self:fifo_file rw_fifo_file_perms;
 allow snmpd_t self:unix_dgram_socket create_socket_perms;
 allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
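Review bot: Adding `sys_module` to the `dontaudit` rule means a denied module-load attempt by snmpd leaves no AVC record, which removes a useful detection signal for a network-facing daemon. The rule should carry a comment naming the benign behaviour that triggers the denial, presumably interface probing that makes the kernel request a module, so a later reader can judge whether the suppression is still justified. The `sys_tty_config` entry looks redundant, because the `allow` rule directly above already grants it and there is no denial to suppress; the line could be `dontaudit snmpd_t self:capability sys_module;`.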
@@ -130,23 +130,24 @@ optional_policy(`
 ')
 
 optional_policy(`
-	cups_read_rw_config(snmpd_t)
+	auth_use_nsswitch(snmpd_t)
 ')
 
 optional_policy(`
-	mta_read_config(snmpd_t)
+	cups_read_rw_config(snmpd_t)
 ')
 
 optional_policy(`
-	nis_use_ypbind(snmpd_t)
+	mta_read_config(snmpd_t)
+	mta_search_queue(snmpd_t)
 ')
 
 optional_policy(`
-	nscd_socket_use(snmpd_t)
+	rpc_search_nfs_state_data(snmpd_t)
 ')
 
 optional_policy(`
-	rpc_search_nfs_state_data(snmpd_t)
+	sendmail_read_log(snmpd_t)
 ')
 
 optional_policy(`
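Review bot: `sendmail_read_log(snmpd_t)` gives a network-facing daemon read access to every file labelled `sendmail_log_t`, and because snmpd_t already holds `dac_override` (visible in the earlier snmp.te hunk), this type-enforcement rule is the only control on that access. Mail logs typically carry sender and recipient addresses, so the block should have a comment naming the consumer, e.g. `# sendmail statistics exposed through the agent's mail MIB (confirm)`; if only config and queue data are needed, `mta_read_config` and `mta_search_queue` may be enough. Separately, `auth_use_nsswitch` replaces `nis_use_ypbind` and `nscd_socket_use` with what appears to be a broader name-service grant. It is normally called outside `optional_policy`, since the auth module is, as far as I can tell, part of the base policy. The trailing `optional_policy(` block continues past the hunk.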

