[selinux-policy: 1906/3172] trunk: Exim updates on Debian from Devin Carrawy.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:49:45 UTC 2010
commit d57a094347949aee977db69dea63d7d9b5577153
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Mar 4 18:25:13 2008 +0000
trunk: Exim updates on Debian from Devin Carrawy.
Changelog | 1 +
policy/modules/services/exim.fc | 12 ++++++++----
policy/modules/services/exim.te | 11 +++++++++--
3 files changed, 18 insertions(+), 6 deletions(-)
---
diff --git a/Changelog b/Changelog
index f4ed5d7..729781f 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Exim updates on Debian from Devin Carrawy.
- Pam and samba updates from Stefan Schulze Frielinghaus.
- Backup update on Debian from Vaclav Ovsik.
- Cracklib update on Debian from Vaclav Ovsik.
diff --git a/policy/modules/services/exim.fc b/policy/modules/services/exim.fc
index 8df1594..ad4e0a0 100644
--- a/policy/modules/services/exim.fc
+++ b/policy/modules/services/exim.fc
@@ -1,4 +1,8 @@
-/usr/sbin/exim -- gen_context(system_u:object_r:exim_exec_t,s0)
-/var/log/exim(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
-/var/run/exim.pid -- gen_context(system_u:object_r:exim_var_run_t,s0)
-/var/spool/exim(/.*)? gen_context(system_u:object_r:exim_spool_t,s0)
+/usr/sbin/exim[0-9]? -- gen_context(system_u:object_r:exim_exec_t,s0)
+/var/log/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
+/var/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0)
+/var/spool/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_spool_t,s0)
+
+ifdef(`distro_debian',`
+/var/run/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
+')
diff --git a/policy/modules/services/exim.te b/policy/modules/services/exim.te
index cf4b4f9..d6360c0 100644
--- a/policy/modules/services/exim.te
+++ b/policy/modules/services/exim.te
@@ -1,5 +1,5 @@
-policy_module(exim,1.0.0)
+policy_module(exim,1.0.1)
########################################
#
@@ -42,7 +42,7 @@ files_pid_file(exim_var_run_t)
# exim local policy
#
-allow exim_t self:capability { dac_override dac_read_search setuid setgid };
+allow exim_t self:capability { dac_override dac_read_search setuid setgid fowner chown };
allow exim_t self:fifo_file rw_fifo_file_perms;
allow exim_t self:unix_stream_socket create_stream_socket_perms;
allow exim_t self:tcp_socket create_stream_socket_perms;
@@ -67,6 +67,8 @@ files_pid_filetrans(exim_t, exim_var_run_t, { file dir })
kernel_read_kernel_sysctls(exim_t)
+kernel_dontaudit_read_system_state(exim_t)
+
corecmd_search_bin(exim_t)
corenet_all_recvfrom_unlabeled(exim_t)
@@ -77,8 +79,13 @@ corenet_tcp_bind_all_nodes(exim_t)
corenet_tcp_bind_smtp_port(exim_t)
corenet_tcp_bind_amavisd_send_port(exim_t)
corenet_tcp_connect_auth_port(exim_t)
+corenet_tcp_connect_smtp_port(exim_t)
+corenet_tcp_connect_ldap_port(exim_t)
corenet_tcp_connect_inetd_child_port(exim_t)
+dev_read_rand(exim_t)
+dev_read_urand(exim_t)
+
# Init script handling
domain_use_interactive_fds(exim_t)
More information about the scm-commits
mailing list