>From b056b1f93b6d05b3de48675deebf372a2cdf53d7 Mon Sep 17 00:00:00 2001 From: Luke Macken Date: Fri, 21 Nov 2008 19:03:50 +0000 Subject: [PATCH] Add a collab SELinux module for our mailman setup diff --git a/configs/system/selinux/modules/collab.pp b/configs/system/selinux/modules/collab.pp new file mode 100644 index 0000000000000000000000000000000000000000..7afa4d1019fde644afcd205f4f658135e92cbcf2 GIT binary patch literal 23390 zcmeI4S(78VamUB&334la5*<8-ioRDS^jb`CWBodj4L;_X+^W}g2-!D9P@Zf8Tf2jDa z4<9`EZ{_`to?rYh`C*J~)1Q{FH3MlMsPQ z_*=z450P}^hPrCbr}qfkm3jOqBy4f!y1BmvO- zB#(5Q7lm8eaF_(uZI=TBgZ>&@Nxk1yR5O*($M2Dvk3-pBHl%-F5gZsOE$OHhff*+; z&|zo+^;;BH{ooqN{3nX*QIkUek-rF$^iV9ri~->urU#HPf~N)J0B?{BvpuxCXOQYP zgKg=j6dKs%xl2HR_aP<@28D9QS^@WiOeUQW=p1UssT3Q20db&5-b?H%Nek3K8rHHy zj&V43;i<8yt|XDUi5;w1x_;=|Yv3Sg2~X2?;AtM2sMruJT=T`~M#m$-4X||u7y=*> zMZ00`rbQka*e)h6vV!!qw&vmwt2q4EV6AYNzWT`>ngdfFt$Ot!)_u`3f3_DqP4~G6=(*}uwn#}nKtco=<=oq`o8QHMfb1N z2B9Vrs%60=pbo2SHnj^PNC2Ny0&3YH@2CVYEd-e6uR|og?ApThJz4-=Div4cOH!s! zEJah)UtgW|GDAqh14&5K9ojIeSLMulug6i! zFq5**-L=nKsmAK8YUXGJ7WDF3(js=PhN?9ahS98ZP!}w1v$i{@XZq5BdW|pCM}nF* zSC-H*y-pjAYFe{l%Qe$sR1DXGz$ixx}OX1+m{v>Bsx0lm)w3Us9Sj1~3UR;1aKv%XW zNKwHWR<>LzWek@t{(fTsDInZIcL8*I2pe%trh7E*p+5osO4Z-2nziq${)6xYCOWkM z-p+CWfB$T*{*jJoI`}N|TBFSuqe4G)`DL}#2BNr#%7#s3Orsgb(x+*`jQAGl5n7m5 zXWJRl^hpcS^hcet2p}U8mO%}aEDFapS_cX@W%Cm4y>BQ#)i}{H(MU6$-S0LR!k{d- zdm(eY+FKR83J8Y?viH;*_~0HW?Jg-q)-HdME3~k z-m!s-d&o>VSPMi#oMbU!S>RfjvJvP13_~J(b&fR@vbNC0aSBGR=U-+)^no7nNktzSxiB zfj}B)z-ll1k7XXf<~0>y?MsV+Z4SV}_OxsBvdH@Zs3;H1)G?15cNbM*9tt!ah&Cb3 zF4+iBd7msQX(sYj=G;IK7w58XqwS)SWXG=5=quvGs9oOMs6dLojb0#viuLDTw(K)F zlPZ&rYOxrH{IoU`8l?<6-WLEMCfc{v{KykuGmSuiZpbCWH$Mx+c6~d_@QsSKn2WMe z(SK7Fw<-E+`A@UUw<)CWo}y>Ogd@dtO8iDflj`hX5GFaOD+KvMMX;l@6VgNJPnZ}& z9Q^!@(Gn1|bS5OfY(V5P>D*;r*YD-ykO$K6Apy2Xy;yh&-&HRbbRfW`skLSHSb5gn z_hu@tDer(2gVmfcQA|l4mBM*@`X9QAG9BH8jy2wa+vPnD94>+m@57S$EGqkBI$tF@5(;tvDlpry1EM%VpEOmtentdox$d zVE;&HehKpazSokrM}B=8Bj5xW8}&ydXmP4$C_B@C_k0Y4TD)-#0~V`e81}6Mw(5}; zNc*GY_nh#CI3cc&PefWyPlyDa`0HxNAPa@{iQL5^Urztib#3%8;`U%!BNB97kQI@- zoTIH*y~0%&=9!=tt3Dg1xM{M3xp#24dJt;}ViO)Kra~l#K&|62UFds%XF{ZT0~ey% zWfBm}l)b~r^m_)spL^)h3HJ9QI}$}CMB_f(+d^f@(TexeU71@fYAJsc-&^PY7CfsE zV3uvY$cJK%Bb$H=G?k&ak$W#eBFr0*pt!8yhi1(o5_-R7V>yYldYDV-ER7(sKCEJ! zMgY~6+x*57#(}MHs#m%^0&l`tD&=+vM-cE54MUdrv2VT8-Z<1()b=sjV}JupWOKWB zs52Vi(4uG;OHNp|TA#WO9R!(Tt}f(t)C7r`=Pyn$H2RQCgljICTVSS}h;okwLE(si zt`QybJNE@f0ojlu!VEiCx`tk=t)rouhM1AHPE@86rmDCmi>_5eBhmHtd_j^?Mp*d; z*b*Z-gP){3QC&CPVB$`mp+q29U|1DU2J=z=NJ}w zB?Zw;`JE2Xo)+6`R!uc@#dKIKr$cNVe{myqI zpjd_0F^}hy5Mz1#B|i-(N)Tgt?1a2DP!1Esda>*zKIoTcVyyEeL0v?bZcihGBg6*$m(IU)9`AsEXMG#N{`hQ%bGLkLuOGy8W8S}R z*l)`9Pw&XTi=Kh}20t{tm*)ukb$`)un5xk{P2ZViEHSe1uHVg!x%^@V@akWh$JFX| zx-^S*Hog*eJ3qb`mF5FNrcs&&i1jcJXv`}AI2T8Hj+ z(JReLyT5svDy;=Ktgis2C26QODi+X^+`}#f+sYBNe)=E3s>@~r!W@#oy_YHq$S_rJQ z7cMPfmL;HR7M0hYw6p{l&~0~5T8`nGIw{gJ<~8oQw3AMYu#6+UHf7ED(B0reMAe(* zDHt?B+|;D`h&pA__$M99t&JV!O>Zb9>VVcw!#uX)m$9bCcv_|+3*-UG8{)ABImE)u z^O(z|ZZ*FDSD!_A_`2cI!$;XOT^%Wgw!6-jy1eeXrq3qQ!;c?Q_!%20?clopdrEz9 zoRzJ{-ekk|(kbIR#~J%L<+#pTc}S0A`FGV|1>U#Wi85XOt2-O(yvq=x1SOJh3MT`- z2RaXp1~0A`r|c~=ZrUUm#bxENSV5x6=gniTAeGr?)zbCfe*V$(PZPveOVHcI%u8&a zphb?|ia8`&kn8*0Kg>$U<;sjDH$f_z7l*{jv(*puHfml-wC=zx8aRi?>^YK$c=$K3 z?N!zl$xI}IrkHqba3mS0`cdO9?YF3<(kHHe4DJd{0xN9P9-cQ+kW|_;7_^V`qHFt1 zuTN$DWhK{9)tqIgZn$)=$^7Ng%sYhCb>5U2E+THPhTP2G0M7bxxoo=uGZe3(^S1-jlv#}{?aFq2`Bi>&8V|FQZoVlwdV_q1MM1X20IMQC~ve%Ow zVW68$9zFivUI>3Ag|G3>#zC(nCpc&QydCROgl8-(5_{VAMlw-mS&Kds^wm+PTi3m3 ziap5v8r`nwy3y}m1O7D3L*$mZ$SL}r?K{KISTc1BU38gcmoCzYNr#Z7o8@CIe#wTh zF|NGG>(OO-pY=;uRI^H|{q)-EuDDpdCtx&>SJN}!YCQ>pU+#Pc5aHytQH%;~Sx-jh9q^hPnlO)b1)x1PMcY3Ei zD+G_rjW_tojkA`m4b!Ei(XqMM~c=muKx@9Yh zHSHkWFW{4^7x@F2=~TzvNbq!O_>|*faqR`1Sy?FyX<%v{XBoU;`cc^HO$L22su`pw zT0^#|Te0HpnL5R!(~Ah2KD8}ceGNgMqq+`QtjVD}1qV*GXOicu^zLRs&q*=aRJMS_BpbGr87ZVSs0@nTo>Q zgny>mGRe%Wx;o1A?t|V(b0YSl?)7S~iF&Oon6=N**CEc_QTFePLT{!>GoH0w<@%rO zqZMxv0VKjP$|U?A(WkCP@coGko#GsA?Pd*U_mh!YGCbu24RNvO*}n<$iYTLTyjl*# znVKH+(5%ZBD>%h+%y^Yrlr19yDZ>$Au6J*!o66iJg_!Y_ZeT`8YI;1i~e1j=zTYko9 zHY0-*q84_JCMgsd_4mS?mB9k@W~vS(Szo=oAu|(M-D0QRWUjE{+8#A5?QJ82&{l=C z^{uv30nSIh_C=#YbhtEby-GY3c@4sZK=ux2QAhtc^}qwvUvwjLn$C`bcxlP zwt2GN=cm=yE7&L0@msL%6`t)X1evgF2ncw{hUv3>$a%3~vql!w!3%qfd$T+gf8Ovx zMeTad%&OtNrqu*#=`QL~dq(qM9mx{1H*Sukh^Y7YWfu?FBi+3Own*p?X^o3MTPq!7 zAzcI?Y|UbS#)k%~Q=QC5D*?c_TX-NeQ)$;)?1EC2c! z2uKUU9}(9rgOY)Bu9`>MQieyv*FIRc8iJ-JPX2A8*!=`5MhDK0zE*WXax}ddu`}@7 zh#sjCB|@wF>kyQ8F~Rl?feZUruk=Lh1Z*NwchYQ4hno$z5nIsh^#dDycoo4b5$~nl zL3dB;;6vJHF4uT{b)x`0)d`@oZ3s9Rw(x-eDn!sHFWXl3zl8oJJG{}zwB8<56m-=d zczTlDs&7iCT{^!J)AnzkYlUgcYIdFJn_q+5F^2sCwx=?owc+_Hh+OzZ4&)t?yMxb% z?ckqPWr?kJF}fX0Q;m<^Xi(idntSYDcyr+2vX4IdfvtDm6p(h_GuS+R;x3cbl~vkI zNY>70(KntzC;zz=V3K8EKG%kAf@(2ovKO@FW;ZW`C}Fi}`oc4cZ@nj)YNwX_;JG>( zh?L-$#y6by6I5ihVw0MN-wkK_B&y)swW+$z%dNAC8{X{%x<_Q)C{QAspb%Dm=d=Nx qZ1{%NL+TSw>-!$I`fb%J_1E5NwdXt-C2jAM*LShZtFS@D=Kle4c-|ZU literal 0 HcmV?d00001 diff --git a/configs/system/selinux/modules/collab.te b/configs/system/selinux/modules/collab.te new file mode 100644 index 0000000..f6a6196 --- /dev/null +++ b/configs/system/selinux/modules/collab.te @@ -0,0 +1,11 @@ +policy_module(collab,1.0.0) + +require { + type mailman_mail_t; + type initrc_tmp_t; + class file ioctl; +} + +#============= mailman_mail_t ============== +allow mailman_mail_t initrc_tmp_t:file ioctl; + diff --git a/manifests/servergroups/collab.pp b/manifests/servergroups/collab.pp index 988d57e..e46e392 100644 --- a/manifests/servergroups/collab.pp +++ b/manifests/servergroups/collab.pp @@ -31,4 +31,7 @@ class collab { type => 'mailman_data_t' } + semodule { 'collab': + } + } -- 1.5.5.1