[selinux-policy/f16] * Wed Apr 18 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-8 - Make sure /var/spool/postfix/lib64 i
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Apr 18 11:42:30 UTC 2012
commit 56c8871c5d1be65976d1e4e0b8426ca06fb4ef16
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed Apr 18 13:42:13 2012 +0200
* Wed Apr 18 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-8
- Make sure /var/spool/postfix/lib64 is labeled as /var/spool
- Nagios fixes
* Bacport from F17
policy-F16.patch | 199 ++++++++++++++++++++++++++++++++++++++++-----------
selinux-policy.spec | 7 ++-
2 files changed, 164 insertions(+), 42 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index a93eff4..eba5b86 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -15004,7 +15004,7 @@ index 35fed4f..51ad69a 100644
#
diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
-index 6cf8784..fa24001 100644
+index 6cf8784..c384d6f 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -15,12 +15,14 @@
@@ -15049,7 +15049,7 @@ index 6cf8784..fa24001 100644
/dev/card.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
/dev/cmx.* -c gen_context(system_u:object_r:smartcard_device_t,s0)
-@@ -187,8 +193,6 @@ ifdef(`distro_suse', `
+@@ -187,12 +193,16 @@ ifdef(`distro_suse', `
/lib/udev/devices/null -c gen_context(system_u:object_r:null_device_t,s0)
/lib/udev/devices/zero -c gen_context(system_u:object_r:zero_device_t,s0)
@@ -15058,9 +15058,10 @@ index 6cf8784..fa24001 100644
ifdef(`distro_redhat',`
# originally from named.fc
/var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0)
-@@ -196,3 +200,8 @@ ifdef(`distro_redhat',`
+ /var/named/chroot/dev/null -c gen_context(system_u:object_r:null_device_t,s0)
/var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
/var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
++/var/spool/postfix/dev -d gen_context(system_u:object_r:device_t,s0)
')
+
+#
@@ -25300,14 +25301,14 @@ index deca9d3..ac92fce 100644
')
diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
-index 9e39aa5..5a10781 100644
+index 9e39aa5..a9021c8 100644
--- a/policy/modules/services/apache.fc
+++ b/policy/modules/services/apache.fc
@@ -1,21 +1,30 @@
HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html))/cgi-bin(/.+)? gen_context(system_u:object_r:httpd_user_script_exec_t,s0)
+HOME_DIR/((www)|(web)|(public_html))(/.*)?/\.htaccess -- gen_context(system_u:object_r:httpd_user_htaccess_t,s0)
-+HOME_DIR/((www)|(web)|(public_html))(/.*)?/logs(/.*)? gen_context(system_u:object_r:httpd_user_content_ra_t,s0)
++HOME_DIR/((www)|(web)|(public_html))(/.*)?/logs(/.*)? gen_context(system_u:object_r:httpd_user_ra_content_t,s0)
/etc/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
/etc/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
@@ -47056,10 +47057,10 @@ index 1fc9905..1d05c60 100644
-/usr/lib(64)?/nagios/plugins/check_by_ssh -- gen_context(system_u:object_r:nagios_unconfined_plugin_exec_t,s0)
+/usr/lib/nagios/plugins/check_by_ssh -- gen_context(system_u:object_r:nagios_unconfined_plugin_exec_t,s0)
diff --git a/policy/modules/services/nagios.if b/policy/modules/services/nagios.if
-index 8581040..2367841 100644
+index 8581040..3983667 100644
--- a/policy/modules/services/nagios.if
+++ b/policy/modules/services/nagios.if
-@@ -12,10 +12,8 @@
+@@ -12,13 +12,11 @@
## </param>
#
template(`nagios_plugin_template',`
@@ -47070,7 +47071,11 @@ index 8581040..2367841 100644
+ type nagios_t, nrpe_t, nagios_log_t;
')
- type nagios_$1_plugin_t;
+- type nagios_$1_plugin_t;
++ type nagios_$1_plugin_t, nagios_plugin_domain;
+ type nagios_$1_plugin_exec_t;
+ application_domain(nagios_$1_plugin_t, nagios_$1_plugin_exec_t)
+ role system_r types nagios_$1_plugin_t;
@@ -26,9 +24,11 @@ template(`nagios_plugin_template',`
allow nagios_$1_plugin_t self:fifo_file rw_fifo_file_perms;
@@ -47147,10 +47152,19 @@ index 8581040..2367841 100644
allow $1 nagios_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te
-index bf64a4c..9ad9024 100644
+index bf64a4c..2275f40 100644
--- a/policy/modules/services/nagios.te
+++ b/policy/modules/services/nagios.te
-@@ -25,7 +25,10 @@ type nagios_var_run_t;
+@@ -5,6 +5,8 @@ policy_module(nagios, 1.10.0)
+ # Declarations
+ #
+
++attribute nagios_plugin_domain;
++
+ type nagios_t;
+ type nagios_exec_t;
+ init_daemon_domain(nagios_t, nagios_exec_t)
+@@ -25,7 +27,10 @@ type nagios_var_run_t;
files_pid_file(nagios_var_run_t)
type nagios_spool_t;
@@ -47162,7 +47176,18 @@ index bf64a4c..9ad9024 100644
nagios_plugin_template(admin)
nagios_plugin_template(checkdisk)
-@@ -77,8 +80,13 @@ files_pid_filetrans(nagios_t, nagios_var_run_t, file)
+@@ -33,6 +38,10 @@ nagios_plugin_template(mail)
+ nagios_plugin_template(services)
+ nagios_plugin_template(system)
+ nagios_plugin_template(unconfined)
++nagios_plugin_template(eventhandler)
++
++type nagios_eventhandler_plugin_tmp_t;
++files_tmp_file(nagios_eventhandler_plugin_tmp_t)
+
+ type nagios_system_plugin_tmp_t;
+ files_tmp_file(nagios_system_plugin_tmp_t)
+@@ -77,8 +86,13 @@ files_pid_filetrans(nagios_t, nagios_var_run_t, file)
manage_fifo_files_pattern(nagios_t, nagios_spool_t, nagios_spool_t)
files_spool_filetrans(nagios_t, nagios_spool_t, fifo_file)
@@ -47176,7 +47201,7 @@ index bf64a4c..9ad9024 100644
corecmd_exec_bin(nagios_t)
corecmd_exec_shell(nagios_t)
-@@ -107,13 +115,11 @@ files_read_etc_files(nagios_t)
+@@ -107,13 +121,11 @@ files_read_etc_files(nagios_t)
files_read_etc_runtime_files(nagios_t)
files_read_kernel_symbol_table(nagios_t)
files_search_spool(nagios_t)
@@ -47191,7 +47216,7 @@ index bf64a4c..9ad9024 100644
auth_use_nsswitch(nagios_t)
logging_send_syslog_msg(nagios_t)
-@@ -124,10 +130,10 @@ userdom_dontaudit_use_unpriv_user_fds(nagios_t)
+@@ -124,10 +136,10 @@ userdom_dontaudit_use_unpriv_user_fds(nagios_t)
userdom_dontaudit_search_user_home_dirs(nagios_t)
mta_send_mail(nagios_t)
@@ -47204,7 +47229,7 @@ index bf64a4c..9ad9024 100644
netutils_kill_ping(nagios_t)
')
-@@ -143,6 +149,7 @@ optional_policy(`
+@@ -143,6 +155,7 @@ optional_policy(`
#
# Nagios CGI local policy
#
@@ -47212,7 +47237,7 @@ index bf64a4c..9ad9024 100644
optional_policy(`
apache_content_template(nagios)
typealias httpd_nagios_script_t alias nagios_cgi_t;
-@@ -180,11 +187,13 @@ optional_policy(`
+@@ -180,11 +193,13 @@ optional_policy(`
#
allow nrpe_t self:capability { setuid setgid };
@@ -47227,7 +47252,7 @@ index bf64a4c..9ad9024 100644
domtrans_pattern(nrpe_t, nagios_checkdisk_plugin_exec_t, nagios_checkdisk_plugin_t)
read_files_pattern(nrpe_t, nagios_etc_t, nagios_etc_t)
-@@ -201,7 +210,8 @@ corecmd_exec_shell(nrpe_t)
+@@ -201,7 +216,8 @@ corecmd_exec_shell(nrpe_t)
corenet_tcp_bind_generic_node(nrpe_t)
corenet_tcp_bind_inetd_child_port(nrpe_t)
@@ -47237,7 +47262,7 @@ index bf64a4c..9ad9024 100644
dev_read_sysfs(nrpe_t)
dev_read_urand(nrpe_t)
-@@ -211,6 +221,7 @@ domain_read_all_domains_state(nrpe_t)
+@@ -211,6 +227,7 @@ domain_read_all_domains_state(nrpe_t)
files_read_etc_runtime_files(nrpe_t)
files_read_etc_files(nrpe_t)
@@ -47245,7 +47270,15 @@ index bf64a4c..9ad9024 100644
fs_getattr_all_fs(nrpe_t)
fs_search_auto_mountpoints(nrpe_t)
-@@ -270,12 +281,10 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t)
+@@ -251,7 +268,6 @@ optional_policy(`
+ corecmd_read_bin_files(nagios_admin_plugin_t)
+ corecmd_read_bin_symlinks(nagios_admin_plugin_t)
+
+-dev_read_urand(nagios_admin_plugin_t)
+ dev_getattr_all_chr_files(nagios_admin_plugin_t)
+ dev_getattr_all_blk_files(nagios_admin_plugin_t)
+
+@@ -270,19 +286,15 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t)
#
allow nagios_mail_plugin_t self:capability { setuid setgid dac_override };
@@ -47258,7 +47291,14 @@ index bf64a4c..9ad9024 100644
kernel_read_kernel_sysctls(nagios_mail_plugin_t)
corecmd_read_bin_files(nagios_mail_plugin_t)
-@@ -299,7 +308,7 @@ optional_policy(`
+ corecmd_read_bin_symlinks(nagios_mail_plugin_t)
+
+-dev_read_urand(nagios_mail_plugin_t)
+-
+ files_read_etc_files(nagios_mail_plugin_t)
+
+ logging_send_syslog_msg(nagios_mail_plugin_t)
+@@ -299,7 +311,7 @@ optional_policy(`
optional_policy(`
postfix_stream_connect_master(nagios_mail_plugin_t)
@@ -47267,7 +47307,7 @@ index bf64a4c..9ad9024 100644
')
######################################
-@@ -310,6 +319,9 @@ optional_policy(`
+@@ -310,6 +322,9 @@ optional_policy(`
# needed by ioctl()
allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio };
@@ -47277,7 +47317,7 @@ index bf64a4c..9ad9024 100644
files_read_etc_runtime_files(nagios_checkdisk_plugin_t)
fs_getattr_all_fs(nagios_checkdisk_plugin_t)
-@@ -323,7 +335,6 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
+@@ -323,7 +338,6 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
allow nagios_services_plugin_t self:capability { net_bind_service net_raw };
allow nagios_services_plugin_t self:process { signal sigkill };
@@ -47285,7 +47325,7 @@ index bf64a4c..9ad9024 100644
allow nagios_services_plugin_t self:tcp_socket create_stream_socket_perms;
allow nagios_services_plugin_t self:udp_socket create_socket_perms;
-@@ -340,6 +351,8 @@ files_read_usr_files(nagios_services_plugin_t)
+@@ -340,6 +354,8 @@ files_read_usr_files(nagios_services_plugin_t)
optional_policy(`
netutils_domtrans_ping(nagios_services_plugin_t)
@@ -47294,7 +47334,7 @@ index bf64a4c..9ad9024 100644
')
optional_policy(`
-@@ -363,6 +376,8 @@ manage_files_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_
+@@ -363,6 +379,8 @@ manage_files_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_
manage_dirs_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_system_plugin_tmp_t)
files_tmp_filetrans(nagios_system_plugin_t, nagios_system_plugin_tmp_t, { dir file })
@@ -47303,7 +47343,13 @@ index bf64a4c..9ad9024 100644
kernel_read_system_state(nagios_system_plugin_t)
kernel_read_kernel_sysctls(nagios_system_plugin_t)
-@@ -376,6 +391,8 @@ domain_read_all_domains_state(nagios_system_plugin_t)
+@@ -370,12 +388,13 @@ corecmd_exec_bin(nagios_system_plugin_t)
+ corecmd_exec_shell(nagios_system_plugin_t)
+
+ dev_read_sysfs(nagios_system_plugin_t)
+-dev_read_urand(nagios_system_plugin_t)
+
+ domain_read_all_domains_state(nagios_system_plugin_t)
files_read_etc_files(nagios_system_plugin_t)
@@ -47312,6 +47358,59 @@ index bf64a4c..9ad9024 100644
# needed by check_users plugin
optional_policy(`
init_read_utmp(nagios_system_plugin_t)
+@@ -389,3 +408,52 @@ optional_policy(`
+ optional_policy(`
+ unconfined_domain(nagios_unconfined_plugin_t)
+ ')
++
++#######################################
++#
++# Event handler plugin plugin policy
++#
++
++manage_files_pattern(nagios_eventhandler_plugin_t, nagios_eventhandler_plugin_tmp_t, nagios_eventhandler_plugin_tmp_t)
++manage_dirs_pattern(nagios_eventhandler_plugin_t, nagios_eventhandler_plugin_tmp_t, nagios_eventhandler_plugin_tmp_t)
++files_tmp_filetrans(nagios_eventhandler_plugin_t, nagios_eventhandler_plugin_tmp_t, { dir file })
++
++corecmd_exec_bin(nagios_eventhandler_plugin_t)
++corecmd_exec_shell(nagios_eventhandler_plugin_t)
++
++init_domtrans_script(nagios_eventhandler_plugin_t)
++
++systemd_exec_systemctl(nagios_eventhandler_plugin_t)
++
++allow nagios_t nagios_eventhandler_plugin_exec_t:dir list_dir_perms;
++
++optional_policy(`
++ unconfined_domain(nagios_eventhandler_plugin_t)
++')
++
++######################################
++#
++# nagios plugin domain policy
++#
++
++allow nagios_plugin_domain self:fifo_file rw_fifo_file_perms;
++
++allow nrpe_t nagios_plugin_domain:process { signal sigkill };
++
++allow nagios_t nagios_plugin_domain:process signal_perms;
++
++# cjp: leaked file descriptor
++dontaudit nagios_plugin_domain nrpe_t:tcp_socket { read write };
++dontaudit nagios_plugin_domain nagios_log_t:file { read write };
++
++kernel_read_system_state(nagios_plugin_domain)
++
++dev_read_urand(nagios_plugin_domain)
++dev_read_rand(nagios_plugin_domain)
++
++files_read_usr_files(nagios_plugin_domain)
++
++miscfiles_read_localization(nagios_plugin_domain)
++
++userdom_use_inherited_user_ptys(nagios_plugin_domain)
++userdom_use_inherited_user_ttys(nagios_plugin_domain)
diff --git a/policy/modules/services/nessus.fc b/policy/modules/services/nessus.fc
index 74da57f..b94bb3b 100644
--- a/policy/modules/services/nessus.fc
@@ -49216,7 +49315,7 @@ index 7f8fdc2..047d985 100644
optional_policy(`
seutil_sigchld_newrole(openct_t)
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
-index 8b550f4..117a7ac 100644
+index 8b550f4..3075607 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -6,9 +6,9 @@ policy_module(openvpn, 1.10.0)
@@ -49291,8 +49390,12 @@ index 8b550f4..117a7ac 100644
corenet_tcp_connect_http_cache_port(openvpn_t)
corenet_rw_tun_tap_dev(openvpn_t)
corenet_sendrecv_openvpn_server_packets(openvpn_t)
-@@ -102,6 +110,8 @@ files_read_etc_runtime_files(openvpn_t)
+@@ -100,8 +108,12 @@ dev_read_urand(openvpn_t)
+ files_read_etc_files(openvpn_t)
+ files_read_etc_runtime_files(openvpn_t)
++fs_getattr_xattr_fs(openvpn_t)
++
auth_use_pam(openvpn_t)
+init_read_utmp(openvpn_t)
@@ -49300,7 +49403,7 @@ index 8b550f4..117a7ac 100644
logging_send_syslog_msg(openvpn_t)
miscfiles_read_localization(openvpn_t)
-@@ -112,21 +122,23 @@ sysnet_exec_ifconfig(openvpn_t)
+@@ -112,21 +124,23 @@ sysnet_exec_ifconfig(openvpn_t)
sysnet_manage_config(openvpn_t)
sysnet_etc_filetrans_config(openvpn_t)
@@ -49332,7 +49435,7 @@ index 8b550f4..117a7ac 100644
optional_policy(`
daemontools_service_domain(openvpn_t, openvpn_exec_t)
-@@ -138,3 +150,7 @@ optional_policy(`
+@@ -138,3 +152,7 @@ optional_policy(`
networkmanager_dbus_chat(openvpn_t)
')
@@ -63998,7 +64101,7 @@ index 7c5d8d8..45bac8e 100644
+')
+
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
-index 3eca020..bea24d2 100644
+index 3eca020..813bca2 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -5,56 +5,81 @@ policy_module(virt, 1.4.0)
@@ -64538,7 +64641,7 @@ index 3eca020..bea24d2 100644
files_read_usr_files(virt_domain)
files_read_var_files(virt_domain)
files_search_all(virt_domain)
-@@ -440,25 +618,375 @@ files_search_all(virt_domain)
+@@ -440,25 +618,387 @@ files_search_all(virt_domain)
fs_getattr_tmpfs(virt_domain)
fs_rw_anon_inodefs_files(virt_domain)
fs_rw_tmpfs_files(virt_domain)
@@ -64898,15 +65001,19 @@ index 3eca020..bea24d2 100644
+#
+# virt_qmf local policy
+#
-+allow virt_qmf_t self:process signal;
++
++allow virt_qmf_t self:capability { sys_nice sys_tty_config };
++allow virt_qmf_t self:process { setsched signal };
+allow virt_qmf_t self:fifo_file rw_fifo_file_perms;
+allow virt_qmf_t self:unix_stream_socket create_stream_socket_perms;
+allow virt_qmf_t self:tcp_socket create_stream_socket_perms;
++allow virt_qmf_t self:netlink_route_socket create_netlink_socket_perms;
+
+kernel_read_network_state(virt_qmf_t)
+
-+dev_list_sysfs(virt_qmf_t)
+dev_read_sysfs(virt_qmf_t)
++dev_read_rand(virt_qmf_t)
++dev_read_urand(virt_qmf_t)
+
+corenet_tcp_connect_matahari_port(virt_qmf_t)
+
@@ -64917,6 +65024,14 @@ index 3eca020..bea24d2 100644
+logging_send_syslog_msg(virt_qmf_t)
+
+miscfiles_read_localization(virt_qmf_t)
++
++optional_policy(`
++ dbus_read_lib_files(virt_qmf_t)
++')
++
++optional_policy(`
++ virt_stream_connect(virt_qmf_t)
++')
diff --git a/policy/modules/services/vnstatd.fc b/policy/modules/services/vnstatd.fc
index 11533cc..4d81b99 100644
--- a/policy/modules/services/vnstatd.fc
@@ -65128,10 +65243,10 @@ index 0000000..a554011
+')
diff --git a/policy/modules/services/wdmd.te b/policy/modules/services/wdmd.te
new file mode 100644
-index 0000000..45918db
+index 0000000..f719e71
--- /dev/null
+++ b/policy/modules/services/wdmd.te
-@@ -0,0 +1,52 @@
+@@ -0,0 +1,51 @@
+policy_module(wdmd,1.0.0)
+
+########################################
@@ -65153,7 +65268,6 @@ index 0000000..45918db
+#
+# wdmd local policy
+#
-+
+allow wdmd_t self:capability { chown sys_nice ipc_lock };
+allow wdmd_t self:process { setsched signal };
+
@@ -72575,7 +72689,7 @@ index a0b379d..bf90918 100644
- nscd_socket_use(sulogin_t)
-')
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
-index 02f4c97..7470a2e 100644
+index 02f4c97..fe034f7 100644
--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
@@ -17,6 +17,13 @@
@@ -72601,16 +72715,15 @@ index 02f4c97..7470a2e 100644
/var/log/messages[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
/var/log/secure[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
/var/log/cron[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-@@ -54,6 +61,8 @@ ifndef(`distro_gentoo',`
+@@ -54,6 +61,7 @@ ifndef(`distro_gentoo',`
ifdef(`distro_redhat',`
/var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0)
/var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
-+/var/spool/postfix/dev -d gen_context(system_u:object_r:var_log_t,s0)
+/var/spool/postfix/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
')
/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
-@@ -73,4 +82,8 @@ ifdef(`distro_redhat',`
+@@ -73,4 +81,8 @@ ifdef(`distro_redhat',`
/var/spool/plymouth/boot\.log gen_context(system_u:object_r:var_log_t,mls_systemhigh)
/var/spool/rsyslog(/.*)? gen_context(system_u:object_r:var_log_t,s0)
@@ -72831,7 +72944,7 @@ index 831b909..efe1038 100644
init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
domain_system_change_exemption($1)
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index b6ec597..aea710e 100644
+index b6ec597..199b2cb 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -5,6 +5,20 @@ policy_module(logging, 1.17.2)
@@ -73030,7 +73143,7 @@ index b6ec597..aea710e 100644
miscfiles_read_localization(syslogd_t)
-@@ -496,11 +559,20 @@ optional_policy(`
+@@ -496,11 +559,24 @@ optional_policy(`
')
optional_policy(`
@@ -73038,6 +73151,10 @@ index b6ec597..aea710e 100644
+')
+
+optional_policy(`
++ postfix_search_spool(syslogd_t)
++')
++
++optional_policy(`
postgresql_stream_connect(syslogd_t)
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index cf5aa30..17a027c 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 83%{?dist}
+Release: 84%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -466,6 +466,11 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Wed Apr 18 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-84
+- Make sure /var/spool/postfix/lib64 is labeled as /var/spool/postfix/lib
+- Nagios fixes
+ * Bacport from F17
+
* Mon Apr 16 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-83
- Allow wdmd chown
- Add storage_dev_filetrans_named_fixed_disk() for fsdaemon
More information about the scm-commits
mailing list