[selinux-policy: 1795/3172] trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:40:07 UTC 2010
commit 6dd721a686b2d2ad5963cf3be5d405c6b31b7618
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Aug 27 17:57:36 2007 +0000
trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate.
policy/modules/admin/logrotate.te | 13 ++-----------
policy/modules/apps/games.fc | 12 +++---------
policy/modules/apps/games.te | 2 +-
policy/modules/apps/slocate.te | 5 ++++-
policy/modules/services/amavis.te | 3 ++-
policy/modules/services/radius.te | 3 ++-
policy/modules/services/rshd.te | 3 +--
policy/modules/services/sendmail.if | 18 ++++++++++++++++++
policy/modules/services/sendmail.te | 2 +-
9 files changed, 34 insertions(+), 27 deletions(-)
---
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index 25e4744..1d789ce 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -1,5 +1,5 @@
-policy_module(logrotate,1.5.0)
+policy_module(logrotate,1.5.1)
########################################
#
@@ -80,6 +80,7 @@ selinux_get_fs_mount(logrotate_t)
selinux_get_enforce_mode(logrotate_t)
auth_manage_login_records(logrotate_t)
+auth_use_nsswitch(logrotate_t)
# Run helper programs.
corecmd_exec_bin(logrotate_t)
@@ -114,8 +115,6 @@ miscfiles_read_localization(logrotate_t)
seutil_dontaudit_read_config(logrotate_t)
-sysnet_read_config(logrotate_t)
-
userdom_dontaudit_search_sysadm_home_dirs(logrotate_t)
userdom_use_unpriv_users_fds(logrotate_t)
@@ -177,14 +176,6 @@ optional_policy(`
')
optional_policy(`
- nis_use_ypbind(logrotate_t)
-')
-
-optional_policy(`
- nscd_socket_use(logrotate_t)
-')
-
-optional_policy(`
slrnpull_manage_spool(logrotate_t)
')
diff --git a/policy/modules/apps/games.fc b/policy/modules/apps/games.fc
index 0e5ed81..78dc515 100644
--- a/policy/modules/apps/games.fc
+++ b/policy/modules/apps/games.fc
@@ -1,22 +1,16 @@
#
# /usr
#
-/usr/games/powermanga -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/games/nethack-3.4.3/nethack -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/games/vulturesclaw/vulturesclaw -- gen_context(system_u:object_r:games_exec_t,s0)
-/usr/games/vultureseye/vultureseye -- gen_context(system_u:object_r:games_exec_t,s0)
-
/usr/lib/games(/.*)? gen_context(system_u:object_r:games_exec_t,s0)
+/usr/games/.* -- gen_context(system_u:object_r:games_exec_t,s0)
#
# /var
#
/var/lib/games(/.*)? gen_context(system_u:object_r:games_data_t,s0)
-
-ifdef(`distro_debian', `
-/usr/games/.* -- gen_context(system_u:object_r:games_exec_t,s0)
/var/games(/.*)? gen_context(system_u:object_r:games_data_t,s0)
-', `
+
+ifndef(`distro_debian',`
/usr/bin/micq -- gen_context(system_u:object_r:games_exec_t,s0)
/usr/bin/blackjack -- gen_context(system_u:object_r:games_exec_t,s0)
/usr/bin/gataxx -- gen_context(system_u:object_r:games_exec_t,s0)
diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
index 863d8b0..5e7aea9 100644
--- a/policy/modules/apps/games.te
+++ b/policy/modules/apps/games.te
@@ -1,5 +1,5 @@
-policy_module(games,1.3.1)
+policy_module(games,1.3.2)
########################################
#
diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te
index f14c961..eeeb573 100644
--- a/policy/modules/apps/slocate.te
+++ b/policy/modules/apps/slocate.te
@@ -1,5 +1,5 @@
-policy_module(slocate,1.5.0)
+policy_module(slocate,1.5.1)
#################################
#
@@ -47,6 +47,9 @@ fs_getattr_all_fs(locate_t)
fs_getattr_all_files(locate_t)
fs_list_all(locate_t)
+# getpwnam
+auth_use_nsswitch(locate_t)
+
libs_use_shared_libs(locate_t)
libs_use_ld_so(locate_t)
diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te
index 62d8672..0201e0e 100644
--- a/policy/modules/services/amavis.te
+++ b/policy/modules/services/amavis.te
@@ -1,5 +1,5 @@
-policy_module(amavis,1.3.0)
+policy_module(amavis,1.3.1)
########################################
#
@@ -171,6 +171,7 @@ optional_policy(`
optional_policy(`
pyzor_domtrans(amavis_t)
+ pyzor_signal(amavis_t)
')
optional_policy(`
diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te
index 3ddb77c..e16e5f3 100644
--- a/policy/modules/services/radius.te
+++ b/policy/modules/services/radius.te
@@ -1,5 +1,5 @@
-policy_module(radius,1.4.0)
+policy_module(radius,1.4.1)
########################################
#
@@ -99,6 +99,7 @@ libs_exec_lib_files(radiusd_t)
logging_send_syslog_msg(radiusd_t)
miscfiles_read_localization(radiusd_t)
+miscfiles_read_certs(radiusd_t)
sysnet_read_config(radiusd_t)
diff --git a/policy/modules/services/rshd.te b/policy/modules/services/rshd.te
index a106d2c..b3b6103 100644
--- a/policy/modules/services/rshd.te
+++ b/policy/modules/services/rshd.te
@@ -1,5 +1,5 @@
-policy_module(rshd,1.3.0)
+policy_module(rshd,1.3.1)
########################################
#
@@ -67,7 +67,6 @@ sysnet_read_config(rshd_t)
userdom_search_all_users_home_content(rshd_t)
ifdef(`targeted_policy',`
- unconfined_domain(rshd_t)
unconfined_shell_domtrans(rshd_t)
')
diff --git a/policy/modules/services/sendmail.if b/policy/modules/services/sendmail.if
index 300fd37..4e176de 100644
--- a/policy/modules/services/sendmail.if
+++ b/policy/modules/services/sendmail.if
@@ -41,6 +41,24 @@ interface(`sendmail_domtrans',`
########################################
## <summary>
+## Send generic signals to sendmail.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sendmail_signal',`
+ gen_require(`
+ type sendmail_t;
+ ')
+
+ allow $1 sendmail_t:process signal;
+')
+
+########################################
+## <summary>
## Read and write sendmail TCP sockets.
## </summary>
## <param name="domain">
diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te
index 524b886..33a484f 100644
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@@ -1,5 +1,5 @@
-policy_module(sendmail,1.5.1)
+policy_module(sendmail,1.5.2)
########################################
#
More information about the scm-commits
mailing list