[selinux-policy: 859/3172] fixes from arpwatch testing

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:19:20 UTC 2010


commit e8d0a659c32a655424210d93e40f76f1cb35a465
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Oct 25 20:27:08 2005 +0000

    fixes from arpwatch testing

 refpolicy/policy/modules/services/mta.te |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index d037b76..9e82279 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -50,6 +50,8 @@ allow system_mail_t self:capability { setuid setgid chown };
 allow system_mail_t self:process { signal_perms setrlimit };
 allow system_mail_t self:tcp_socket create_socket_perms;
 
+allow system_mail_t etc_mail_t:file r_file_perms;
+
 # re-exec itself
 can_exec(system_mail_t, sendmail_exec_t)
 allow system_mail_t sendmail_exec_t:lnk_file r_file_perms;
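Review bot: The `allow system_mail_t etc_mail_t:file r_file_perms;` rule is added here without a comment, while the neighbouring rules carry one (`# re-exec itself`). Because the rule moves out of the `targeted_policy` block, it now applies in every policy build, and a reader cannot tell from the file why. A one-line comment above it such as `# read mail configuration files (needed outside targeted policy too)` would record the intent. The rule grants file read only; if the mailer also has to search or list the containing directory, that is not covered by this line and may need checking against the audit log from the arpwatch test.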
@@ -64,6 +66,7 @@ corenet_tcp_sendrecv_all_nodes(system_mail_t)
 corenet_raw_sendrecv_all_nodes(system_mail_t)
 corenet_tcp_sendrecv_all_ports(system_mail_t)
 corenet_tcp_bind_all_nodes(system_mail_t)
+corenet_tcp_connect_smtp_port(system_mail_t)
 
 dev_read_rand(system_mail_t)
 dev_read_urand(system_mail_t)
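Review bot: `corenet_tcp_connect_smtp_port(system_mail_t)` is the only line in this network block that limits the domain to a specific port, and it has no comment. The surrounding context already allows send/receive on all nodes and all ports, so the connect permission is what actually bounds where this domain can open outbound TCP sessions. A short comment such as `# outbound delivery: connect to SMTP only` would make it clear that the restriction is deliberate and should not be widened to an all-ports connect later. The network block starts above this hunk, so any existing header comment there is not visible.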
@@ -96,8 +99,6 @@ userdom_use_sysadm_terms(system_mail_t)
 ifdef(`targeted_policy',`
 	typealias system_mail_t alias sysadm_mail_t;
 
-	allow system_mail_t etc_mail_t:file r_file_perms;
-
 	allow system_mail_t mail_spool_t:dir create_dir_perms;
 	allow system_mail_t mail_spool_t:file create_file_perms;
 	allow system_mail_t mail_spool_t:lnk_file create_lnk_perms;
@@ -144,6 +145,10 @@ optional_policy(`apache.te',`
 	apache_dontaudit_rw_sys_script_stream_socket(system_mail_t)
 ')
 
+optional_policy(`arpwatch.te',`
+	arpwatch_rw_tmp_files(system_mail_t)
+')
+
 optional_policy(`cron.te',`
 	cron_read_system_job_tmp_files(system_mail_t)
 ')
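Review bot: `arpwatch_rw_tmp_files(system_mail_t)` gives the mail domain write access as well as read access to arpwatch's temporary files, and nothing in the hunk says why write is needed. If the mailer only consumes a report that arpwatch hands over (presumably as an inherited descriptor opened read-write), then write is required only to pass the descriptor check, and that should be stated in a comment, e.g. `# arpwatch passes its report as a rw tmp file on stdin`. If the descriptor could be opened read-only on the arpwatch side, a read-only interface would be the least-privilege choice here. Either way the denial that motivated this line should be recorded in the commit message or a comment so the grant can be re-evaluated later.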

