[selinux-policy: 2672/3172] Procmail patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:57:36 UTC 2010
commit b276e36914e2a8faef36ac460788515f3f956642
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu May 20 08:17:06 2010 -0400
Procmail patch from Dan Walsh.
policy/modules/services/procmail.te | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/services/procmail.te b/policy/modules/services/procmail.te
index a51bbf6..0e55985 100644
--- a/policy/modules/services/procmail.te
+++ b/policy/modules/services/procmail.te
@@ -1,5 +1,5 @@
-policy_module(procmail, 1.11.0)
+policy_module(procmail, 1.11.1)
########################################
#
@@ -22,7 +22,7 @@ files_tmp_file(procmail_tmp_t)
# Local policy
#
-allow procmail_t self:capability { sys_nice chown setuid setgid dac_override };
+allow procmail_t self:capability { sys_nice chown fsetid setuid setgid dac_override };
allow procmail_t self:process { setsched signal signull };
allow procmail_t self:fifo_file rw_fifo_file_perms;
allow procmail_t self:unix_stream_socket create_socket_perms;
@@ -92,6 +92,7 @@ userdom_user_home_dir_filetrans_user_home_content(procmail_t, { dir file lnk_fil
userdom_dontaudit_search_user_home_dirs(procmail_t)
mta_manage_spool(procmail_t)
+mta_read_queue(procmail_t)
ifdef(`hide_broken_symptoms',`
mta_dontaudit_rw_queue(procmail_t)
@@ -136,8 +137,8 @@ optional_policy(`
mta_read_config(procmail_t)
sendmail_domtrans(procmail_t)
sendmail_signal(procmail_t)
- sendmail_rw_tcp_sockets(procmail_t)
- sendmail_rw_unix_stream_sockets(procmail_t)
+ sendmail_dontaudit_rw_tcp_sockets(procmail_t)
+ sendmail_dontaudit_rw_unix_stream_sockets(procmail_t)
')
optional_policy(`
More information about the scm-commits
mailing list