rpms/selinux-policy/F-7 policy-20070501.patch, 1.47, 1.48 selinux-policy.spec, 1.487, 1.488
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Aug 14 00:16:47 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30319
Modified Files:
policy-20070501.patch selinux-policy.spec
Log Message:
* Mon Aug 13 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-37
- Allow clamd to read kernel system state
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- policy-20070501.patch 13 Aug 2007 11:38:10 -0000 1.47
+++ policy-20070501.patch 14 Aug 2007 00:16:44 -0000 1.48
@@ -2795,7 +2795,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.6.4/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apache.if 2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/apache.if 2007-08-13 19:33:33.000000000 -0400
@@ -18,10 +18,6 @@
attribute httpd_script_exec_type;
type httpd_t, httpd_suexec_t, httpd_log_t;
@@ -3711,8 +3711,8 @@
/var/log/clamav/clamav.* -- gen_context(system_u:object_r:clamd_var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.6.4/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/clamav.te 2007-08-07 09:42:35.000000000 -0400
-@@ -74,17 +74,19 @@
++++ serefpolicy-2.6.4/policy/modules/services/clamav.te 2007-08-13 19:28:50.000000000 -0400
+@@ -74,17 +74,20 @@
manage_files_pattern(clamd_t,clamd_var_lib_t,clamd_var_lib_t)
# log files
@@ -3732,10 +3732,11 @@
kernel_dontaudit_list_proc(clamd_t)
kernel_read_sysctl(clamd_t)
+kernel_read_kernel_sysctls(clamd_t)
++kernel_read_system_state(clamd_t)
corenet_non_ipsec_sendrecv(clamd_t)
corenet_tcp_sendrecv_all_if(clamd_t)
-@@ -126,6 +128,7 @@
+@@ -126,6 +129,7 @@
amavis_read_lib_files(clamd_t)
amavis_read_spool_files(clamd_t)
amavis_spool_filetrans(clamd_t,clamd_var_run_t,sock_file)
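Review bot: The added `kernel_read_system_state(clamd_t)` sits a few lines below `kernel_dontaudit_list_proc(clamd_t)`, which this hunk leaves in place. If the interface also grants listing of proc_t directories, as I believe it does in the upstream reference policy, the dontaudit rule no longer has any effect and the two lines contradict each other. Either drop the dontaudit line or add a comment above the new call naming what clamd actually reads, e.g. `# clamd reads <proc file> (see AVC in bug <id>)`, so the grant can be narrowed later. The clamd_t rule block starts and ends outside this hunk.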
@@ -3743,7 +3744,7 @@
')
########################################
-@@ -213,6 +216,9 @@
+@@ -213,6 +217,9 @@
read_files_pattern(clamscan_t,clamd_var_lib_t,clamd_var_lib_t)
allow clamscan_t clamd_var_lib_t:dir list_dir_perms;
@@ -3753,7 +3754,7 @@
kernel_read_kernel_sysctls(clamscan_t)
files_read_etc_files(clamscan_t)
-@@ -228,5 +234,13 @@
+@@ -228,5 +235,13 @@
clamav_stream_connect(clamscan_t)
optional_policy(`
@@ -5335,8 +5336,16 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-2.6.4/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mailman.te 2007-08-07 09:42:35.000000000 -0400
-@@ -96,6 +96,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/mailman.te 2007-08-13 19:33:45.000000000 -0400
+@@ -55,6 +55,7 @@
+ apache_use_fds(mailman_cgi_t)
+ apache_dontaudit_append_log(mailman_cgi_t)
+ apache_search_sys_script_state(mailman_cgi_t)
++ apache_read_config(mailman_cgi_t)
+
+ optional_policy(`
+ nscd_socket_use(mailman_cgi_t)
+@@ -96,6 +97,7 @@
kernel_read_proc_symlinks(mailman_queue_t)
auth_domtrans_chk_passwd(mailman_queue_t)
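Review bot: `apache_read_config(mailman_cgi_t)`, added in the new inner hunk at mailman.te line 55, is not mentioned in the 2.6.4-37 changelog entry, which lists only the clamd change. The same is true of `logging_dontaudit_search_logs(postfix_local_t)` in the postfix.te hunk further down. Letting a CGI domain read the web server's configuration widens access, and files of that type may hold more than the CGI needs, so the grant should be traceable. Add a changelog line such as `- Allow mailman cgi to read apache config` and reference the denial that motivated it. The mailman_cgi_t block begins and ends outside the hunk.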
@@ -6424,7 +6433,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.6.4/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-08-13 19:36:56.000000000 -0400
@@ -84,6 +84,12 @@
type postfix_var_run_t;
files_pid_file(postfix_var_run_t)
@@ -6475,7 +6484,16 @@
###########################################################
#
# Partially converted rules. THESE ARE ONLY TEMPORARY
-@@ -386,7 +406,7 @@
+@@ -268,6 +288,8 @@
+
+ files_read_etc_files(postfix_local_t)
+
++logging_dontaudit_search_logs(postfix_local_t)
++
+ mta_read_aliases(postfix_local_t)
+ mta_delete_spool(postfix_local_t)
+ # For reading spamassasin
+@@ -386,7 +408,7 @@
# Postfix pipe local policy
#
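Review bot: `logging_dontaudit_search_logs(postfix_local_t)` in the new inner hunk at postfix.te line 268 suppresses a denial without any comment saying why postfix_local_t searches the log directory. A dontaudit rule removes the AVC record, so unexpected access attempts on that directory from this domain will no longer appear in the audit log. Add a comment above the rule stating the benign cause, e.g. `# dontaudit: <reason postfix local touches the log directory>`, so a later reviewer can tell whether the suppression is still justified. The postfix_local_t block continues outside the hunk.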
@@ -6484,7 +6502,7 @@
write_sock_files_pattern(postfix_pipe_t,postfix_private_t,postfix_private_t)
-@@ -395,6 +415,10 @@
+@@ -395,6 +417,10 @@
rw_files_pattern(postfix_pipe_t,postfix_spool_t,postfix_spool_t)
optional_policy(`
@@ -6495,7 +6513,7 @@
procmail_domtrans(postfix_pipe_t)
')
-@@ -441,6 +465,10 @@
+@@ -441,6 +467,10 @@
')
optional_policy(`
@@ -6506,7 +6524,7 @@
ppp_use_fds(postfix_postqueue_t)
ppp_sigchld(postfix_postqueue_t)
')
-@@ -519,8 +547,6 @@
+@@ -519,8 +549,6 @@
# Postfix smtp delivery local policy
#
@@ -6515,7 +6533,7 @@
# connect to master process
stream_connect_pattern(postfix_smtp_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t)
-@@ -528,6 +554,8 @@
+@@ -528,6 +556,8 @@
allow postfix_smtp_t postfix_spool_t:file rw_file_perms;
@@ -6524,7 +6542,7 @@
optional_policy(`
cyrus_stream_connect(postfix_smtp_t)
')
-@@ -536,6 +564,7 @@
+@@ -536,6 +566,7 @@
#
# Postfix smtpd local policy
#
@@ -6532,7 +6550,7 @@
allow postfix_smtpd_t postfix_master_t:tcp_socket rw_stream_socket_perms;
# connect to master process
-@@ -552,9 +581,45 @@
+@@ -552,9 +583,45 @@
mta_read_aliases(postfix_smtpd_t)
optional_policy(`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.487
retrieving revision 1.488
diff -u -r1.487 -r1.488
--- selinux-policy.spec 13 Aug 2007 11:38:10 -0000 1.487
+++ selinux-policy.spec 14 Aug 2007 00:16:44 -0000 1.488
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 36%{?dist}
+Release: 37%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -361,6 +361,9 @@
%endif
%changelog
+* Mon Aug 13 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-37
+- Allow clamd to read kernel system state
+
* Mon Aug 13 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-36
- Allow NetworkManager to chown