[selinux-policy: 2535/3172] fetchmail executes programs in bin (uname), from Dan Walsh
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:45:20 UTC 2010
commit 414a5704dfb0e3f66009362e7714dd4941948259
Author: Jeremy Solt <jsolt at tresys.com>
Date: Tue Mar 16 14:55:52 2010 -0400
fetchmail executes programs in bin (uname), from Dan Walsh
policy/modules/services/fetchmail.te | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te
index d8aaa5e..6f67134 100644
--- a/policy/modules/services/fetchmail.te
+++ b/policy/modules/services/fetchmail.te
@@ -47,6 +47,8 @@ kernel_getattr_proc_files(fetchmail_t)
kernel_read_proc_symlinks(fetchmail_t)
kernel_dontaudit_read_system_state(fetchmail_t)
+#looks like it uses system command - calls uname
+corecmd_exec_bin(fetchmail_t)
corecmd_exec_shell(fetchmail_t)
corenet_all_recvfrom_unlabeled(fetchmail_t)
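Review bot: The comment above the added `corecmd_exec_bin(fetchmail_t)` line is tentative ("looks like it uses system command") and does not record what was actually observed. `corecmd_exec_bin` lets fetchmail_t execute every file labeled bin_t in its own domain, not only uname, so the justification for the grant should be precise. Please state that fetchmail runs uname, ideally citing the denial that prompted the change, and put a space after the `#`, e.g. `# fetchmail executes uname`. Together with the existing `corecmd_exec_shell(fetchmail_t)` on the next line, the domain can now run both shells and general binaries without a transition, which deserves a sentence in the commit message.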