[selinux-policy/f16] - Add own type for rdate port - Allow sssd setrlimit - Allow jaberrd-router to read kernel network s

Miroslav Grepl mgrepl at fedoraproject.org
Tue Mar 13 11:11:22 UTC 2012


commit 4ed03033dd3ccb24e94dff78d923461aeb25ac7d
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Tue Mar 13 12:11:04 2012 +0100

    - Add own type for rdate port
    - Allow sssd setrlimit
    - Allow jabberd-router to read kernel network state
    - Started to backport userdom_home_reader and userdom_home_manager concept from f17
    - Allow system_mail to send log msgs

 policy-F16.patch    |  196 ++++++++++++++++++++++++++++++++++++++------------
 selinux-policy.spec |    9 ++-
 2 files changed, 157 insertions(+), 48 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index da8f6b8..c63b62d 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -14411,7 +14411,7 @@ index 4f3b542..f4e36ee 100644
  	corenet_udp_recvfrom_labeled($1, $2)
  	corenet_raw_recvfrom_labeled($1, $2)
 diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index 99b71cb..009f8b7 100644
+index 99b71cb..a96b835 100644
 --- a/policy/modules/kernel/corenetwork.te.in
 +++ b/policy/modules/kernel/corenetwork.te.in
 @@ -11,11 +11,15 @@ attribute netif_type;
@@ -14545,7 +14545,8 @@ index 99b71cb..009f8b7 100644
 +network_port(http_cache, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,8123,s0, tcp,10001-10010,s0) # 8118 is for privoxy
  network_port(i18n_input, tcp,9010,s0)
  network_port(imaze, tcp,5323,s0, udp,5323,s0)
- network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
+-network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
++network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
  network_port(innd, tcp,119,s0)
 +network_port(ionixnetmon, tcp,7410,s0, udp,7410,s0)
  network_port(ipmi, udp,623,s0, udp,664,s0)
@@ -14614,10 +14615,11 @@ index 99b71cb..009f8b7 100644
  network_port(prelude, tcp,4690,s0, udp,4690,s0)
  network_port(presence, tcp,5298-5299,s0, udp,5298-5299,s0)
  network_port(printer, tcp,515,s0)
-@@ -179,34 +238,40 @@ network_port(radacct, udp,1646,s0, udp,1813,s0)
+@@ -179,34 +238,41 @@ network_port(radacct, udp,1646,s0, udp,1813,s0)
  network_port(radius, udp,1645,s0, udp,1812,s0)
  network_port(radsec, tcp,2083,s0)
  network_port(razor, tcp,2703,s0)
++network_port(rdate, tcp,37,s0, udp,37,s0)
 +network_port(repository, tcp, 6363, s0)
  network_port(ricci, tcp,11111,s0, udp,11111,s0)
  network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
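Review bot: Moving port 37 out of `inetd_child` (the `network_port(inetd_child, ...)` line in the previous hunk) into the new `network_port(rdate, tcp,37,s0, udp,37,s0)` means rules written against `inetd_child_port_t` no longer cover that port, and the only replacement visible in this commit is the bind for `inetd_t` in inetd.te. Any other domain that binds or connects to port 37 would need its own `corenet_*_rdate_port` call; whether such a domain exists cannot be told from this diff. A trailing comment such as `# 37 split out of inetd_child; rdate_port_t must be granted explicitly` on the new line would record the reason, and denials naming `rdate_port_t` in the audit log after the update are the thing to check for.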
@@ -14660,7 +14662,7 @@ index 99b71cb..009f8b7 100644
  network_port(traceroute, udp,64000-64010,s0)
  network_port(transproxy, tcp,8081,s0)
  network_port(ups, tcp,3493,s0)
-@@ -215,9 +280,12 @@ network_port(uucpd, tcp,540,s0)
+@@ -215,9 +281,12 @@ network_port(uucpd, tcp,540,s0)
  network_port(varnishd, tcp,6081-6082,s0)
  network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0)
  network_port(virt_migration, tcp,49152-49216,s0)
@@ -14674,7 +14676,7 @@ index 99b71cb..009f8b7 100644
  network_port(xdmcp, udp,177,s0, tcp,177,s0)
  network_port(xen, tcp,8002,s0)
  network_port(xfs, tcp,7100,s0)
-@@ -229,6 +297,7 @@ network_port(zookeeper_client, tcp,2181,s0)
+@@ -229,6 +298,7 @@ network_port(zookeeper_client, tcp,2181,s0)
  network_port(zookeeper_election, tcp,3888,s0)
  network_port(zookeeper_leader, tcp,2888,s0)
  network_port(zebra, tcp,2600-2604,s0, tcp,2606,s0, udp,2600-2604,s0, udp,2606,s0)
@@ -14682,7 +14684,7 @@ index 99b71cb..009f8b7 100644
  network_port(zope, tcp,8021,s0)
  
  # Defaults for reserved ports.	Earlier portcon entries take precedence;
-@@ -238,6 +307,12 @@ portcon tcp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
+@@ -238,6 +308,12 @@ portcon tcp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
  portcon udp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
  portcon tcp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
  portcon udp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
@@ -14695,7 +14697,7 @@ index 99b71cb..009f8b7 100644
  
  ########################################
  #
-@@ -282,9 +357,10 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
+@@ -282,9 +358,10 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
  allow corenet_unconfined_type node_type:node *;
  allow corenet_unconfined_type netif_type:netif *;
  allow corenet_unconfined_type packet_type:packet *;
@@ -36624,7 +36626,7 @@ index e1d7dc5..bd08e31 100644
  	admin_pattern($1, dovecot_var_run_t)
  
 diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
-index acf6d4f..aa446e9 100644
+index acf6d4f..e993e2d 100644
 --- a/policy/modules/services/dovecot.te
 +++ b/policy/modules/services/dovecot.te
 @@ -18,7 +18,7 @@ type dovecot_auth_tmp_t;
@@ -36700,7 +36702,16 @@ index acf6d4f..aa446e9 100644
  corenet_tcp_bind_sieve_port(dovecot_t)
  corenet_tcp_connect_all_ports(dovecot_t)
  corenet_tcp_connect_postgresql_port(dovecot_t)
-@@ -160,6 +168,15 @@ optional_policy(`
+@@ -153,6 +161,8 @@ userdom_manage_user_home_content_pipes(dovecot_t)
+ userdom_manage_user_home_content_sockets(dovecot_t)
+ userdom_user_home_dir_filetrans_user_home_content(dovecot_t, { dir file lnk_file fifo_file sock_file })
+ 
++userdom_home_manager(dovecot_t)
++
+ mta_manage_spool(dovecot_t)
+ 
+ optional_policy(`
+@@ -160,6 +170,15 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -36716,7 +36727,7 @@ index acf6d4f..aa446e9 100644
  	postgresql_stream_connect(dovecot_t)
  ')
  
-@@ -180,8 +197,8 @@ optional_policy(`
+@@ -180,8 +199,8 @@ optional_policy(`
  # dovecot auth local policy
  #
  
@@ -36727,7 +36738,7 @@ index acf6d4f..aa446e9 100644
  allow dovecot_auth_t self:fifo_file rw_fifo_file_perms;
  allow dovecot_auth_t self:unix_dgram_socket create_socket_perms;
  allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms;
-@@ -190,6 +207,9 @@ allow dovecot_auth_t dovecot_t:unix_stream_socket { connectto rw_stream_socket_p
+@@ -190,6 +209,9 @@ allow dovecot_auth_t dovecot_t:unix_stream_socket { connectto rw_stream_socket_p
  
  read_files_pattern(dovecot_auth_t, dovecot_passwd_t, dovecot_passwd_t)
  
@@ -36737,7 +36748,7 @@ index acf6d4f..aa446e9 100644
  manage_dirs_pattern(dovecot_auth_t, dovecot_auth_tmp_t, dovecot_auth_tmp_t)
  manage_files_pattern(dovecot_auth_t, dovecot_auth_tmp_t, dovecot_auth_tmp_t)
  files_tmp_filetrans(dovecot_auth_t, dovecot_auth_tmp_t, { file dir })
-@@ -201,9 +221,12 @@ dovecot_stream_connect_auth(dovecot_auth_t)
+@@ -201,9 +223,12 @@ dovecot_stream_connect_auth(dovecot_auth_t)
  kernel_read_all_sysctls(dovecot_auth_t)
  kernel_read_system_state(dovecot_auth_t)
  
@@ -36750,7 +36761,7 @@ index acf6d4f..aa446e9 100644
  dev_read_urand(dovecot_auth_t)
  
  auth_domtrans_chk_passwd(dovecot_auth_t)
-@@ -218,6 +241,8 @@ files_read_var_lib_files(dovecot_auth_t)
+@@ -218,6 +243,8 @@ files_read_var_lib_files(dovecot_auth_t)
  files_search_tmp(dovecot_auth_t)
  files_read_var_lib_files(dovecot_t)
  
@@ -36759,7 +36770,7 @@ index acf6d4f..aa446e9 100644
  init_rw_utmp(dovecot_auth_t)
  
  miscfiles_read_localization(dovecot_auth_t)
-@@ -236,6 +261,8 @@ optional_policy(`
+@@ -236,6 +263,8 @@ optional_policy(`
  optional_policy(`
  	mysql_search_db(dovecot_auth_t)
  	mysql_stream_connect(dovecot_auth_t)
@@ -36768,7 +36779,7 @@ index acf6d4f..aa446e9 100644
  ')
  
  optional_policy(`
-@@ -243,6 +270,8 @@ optional_policy(`
+@@ -243,6 +272,8 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -36777,7 +36788,7 @@ index acf6d4f..aa446e9 100644
  	postfix_search_spool(dovecot_auth_t)
  ')
  
-@@ -250,23 +279,42 @@ optional_policy(`
+@@ -250,23 +281,42 @@ optional_policy(`
  #
  # dovecot deliver local policy
  #
@@ -36822,7 +36833,16 @@ index acf6d4f..aa446e9 100644
  
  miscfiles_read_localization(dovecot_deliver_t)
  
-@@ -302,5 +350,19 @@ tunable_policy(`use_samba_home_dirs',`
+@@ -283,6 +333,8 @@ userdom_manage_user_home_content_pipes(dovecot_deliver_t)
+ userdom_manage_user_home_content_sockets(dovecot_deliver_t)
+ userdom_user_home_dir_filetrans_user_home_content(dovecot_deliver_t, { dir file lnk_file fifo_file sock_file })
+ 
++userdom_home_manager(dovecot_deliver_t)
++
+ tunable_policy(`use_nfs_home_dirs',`
+ 	fs_manage_nfs_dirs(dovecot_deliver_t)
+ 	fs_manage_nfs_files(dovecot_deliver_t)
+@@ -302,5 +354,19 @@ tunable_policy(`use_samba_home_dirs',`
  ')
  
  optional_policy(`
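Review bot: The new `userdom_home_manager(dovecot_deliver_t)` sits directly above a `use_nfs_home_dirs` tunable block that still calls `fs_manage_nfs_dirs(dovecot_deliver_t)` and `fs_manage_nfs_files(dovecot_deliver_t)`, while the userdomain.te part of this commit grants the same access to `userdom_home_manager_type` under the same boolean. Keeping both leaves two places to edit when this access is tightened later, so the per-domain tunable blocks should be dropped, or a comment should say why they stay. The attribute also brings `fs_manage_nfs_symlinks` and the fusefs rules, which the explicit block does not show; that block continues outside the hunk. The same check applies to `userdom_home_manager(dovecot_t)` earlier in dovecot.te, whose tunable blocks, if any, are not visible here.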
@@ -40815,10 +40835,19 @@ index df48e5e..878d9df 100644
  		type inetd_t;
  	')
 diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te
-index c51a7b2..5f71f35 100644
+index c51a7b2..5547c35 100644
 --- a/policy/modules/services/inetd.te
 +++ b/policy/modules/services/inetd.te
-@@ -149,7 +149,10 @@ miscfiles_read_localization(inetd_t)
+@@ -89,6 +89,8 @@ corenet_tcp_bind_ftp_port(inetd_t)
+ corenet_udp_bind_ftp_port(inetd_t)
+ corenet_tcp_bind_inetd_child_port(inetd_t)
+ corenet_udp_bind_inetd_child_port(inetd_t)
+++corenet_tcp_bind_rdate_port(inetd_t)
+++corenet_udp_bind_rdate_port(inetd_t)
+ corenet_tcp_bind_ircd_port(inetd_t)
+ corenet_udp_bind_ktalkd_port(inetd_t)
+ corenet_tcp_bind_printer_port(inetd_t)
+@@ -149,7 +151,10 @@ miscfiles_read_localization(inetd_t)
  mls_fd_share_all_levels(inetd_t)
  mls_socket_read_to_clearance(inetd_t)
  mls_socket_write_to_clearance(inetd_t)
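Review bot: The two added lines for `corenet_tcp_bind_rdate_port(inetd_t)` and `corenet_udp_bind_rdate_port(inetd_t)` start with `+++`, one marker more than the other added lines in this patch-of-a-patch (for example `++userdom_home_manager(dovecot_t)`), so the text applied to inetd.te would begin with a literal `+`. As shown, that most likely either fails to compile or leaves `inetd_t` without the bind on `rdate_port_t`, which matters because this commit takes port 37 away from `inetd_child`. The lines should read `++corenet_tcp_bind_rdate_port(inetd_t)` and `++corenet_udp_bind_rdate_port(inetd_t)`.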
@@ -41217,10 +41246,10 @@ index 9878499..81fcd0f 100644
 -	admin_pattern($1, jabberd_var_run_t)
  ')
 diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te
-index da2127e..24e20b0 100644
+index da2127e..91bdd44 100644
 --- a/policy/modules/services/jabber.te
 +++ b/policy/modules/services/jabber.te
-@@ -5,90 +5,148 @@ policy_module(jabber, 1.8.0)
+@@ -5,90 +5,150 @@ policy_module(jabber, 1.8.0)
  # Declarations
  #
  
@@ -41298,40 +41327,42 @@ index da2127e..24e20b0 100644
 -corenet_sendrecv_jabber_interserver_server_packets(jabberd_t)
 +manage_files_pattern(jabberd_router_t, jabberd_var_lib_t, jabberd_var_lib_t)
 +manage_dirs_pattern(jabberd_router_t, jabberd_var_lib_t, jabberd_var_lib_t)
- 
--dev_read_sysfs(jabberd_t)
--# For SSL
--dev_read_rand(jabberd_t)
++
++kernel_read_network_state(jabberd_router_t)
++
 +corenet_tcp_bind_jabber_client_port(jabberd_router_t)
 +corenet_tcp_bind_jabber_router_port(jabberd_router_t)
 +corenet_tcp_connect_jabber_router_port(jabberd_router_t)
 +corenet_sendrecv_jabber_router_server_packets(jabberd_router_t)
 +corenet_sendrecv_jabber_client_server_packets(jabberd_router_t)
  
--domain_use_interactive_fds(jabberd_t)
+-dev_read_sysfs(jabberd_t)
+-# For SSL
+-dev_read_rand(jabberd_t)
 +fs_getattr_all_fs(jabberd_router_t)
  
--files_read_etc_files(jabberd_t)
--files_read_etc_runtime_files(jabberd_t)
+-domain_use_interactive_fds(jabberd_t)
 +miscfiles_read_generic_certs(jabberd_router_t)
  
--fs_getattr_all_fs(jabberd_t)
--fs_search_auto_mountpoints(jabberd_t)
+-files_read_etc_files(jabberd_t)
+-files_read_etc_runtime_files(jabberd_t)
 +optional_policy(`
 +	kerberos_use(jabberd_router_t)
 +')
  
--logging_send_syslog_msg(jabberd_t)
+-fs_getattr_all_fs(jabberd_t)
+-fs_search_auto_mountpoints(jabberd_t)
 +optional_policy(`
 +	nis_use_ypbind(jabberd_router_t)
 +')
  
--miscfiles_read_localization(jabberd_t)
+-logging_send_syslog_msg(jabberd_t)
 +#####################################
 +#
 +# Local policy for other jabberd components
 +#
-+
+ 
+-miscfiles_read_localization(jabberd_t)
 +manage_files_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
 +manage_dirs_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
  
@@ -41350,8 +41381,8 @@ index da2127e..24e20b0 100644
  optional_policy(`
 -	seutil_sigchld_newrole(jabberd_t)
 +	udev_read_db(jabberd_t)
-+')
-+
+ ')
+ 
 +######################################
 +#
 +# Local policy for pyicq-t
@@ -41382,12 +41413,12 @@ index da2127e..24e20b0 100644
 +libs_use_shared_libs(pyicqt_t)
 +
 +# needed for pyicq-t-mysql
-+optional_policy(`
-+	corenet_tcp_connect_mysqld_port(pyicqt_t)
- ')
- 
  optional_policy(`
 -	udev_read_db(jabberd_t)
++	corenet_tcp_connect_mysqld_port(pyicqt_t)
++')
++
++optional_policy(`
 +	sysnet_use_ldap(pyicqt_t)
  ')
 +
@@ -61344,7 +61375,7 @@ index 941380a..ce8c972 100644
  	# Allow sssd_t to restart the apache service
  	sssd_initrc_domtrans($1)
 diff --git a/policy/modules/services/sssd.te b/policy/modules/services/sssd.te
-index 8ffa257..d0c7e39 100644
+index 8ffa257..2d420f6 100644
 --- a/policy/modules/services/sssd.te
 +++ b/policy/modules/services/sssd.te
 @@ -17,6 +17,7 @@ files_pid_file(sssd_public_t)
@@ -61360,10 +61391,11 @@ index 8ffa257..d0c7e39 100644
  # sssd local policy
  #
 -allow sssd_t self:capability { dac_read_search dac_override kill sys_nice setgid setuid };
+-allow sssd_t self:process { setfscreate setsched sigkill signal getsched };
+-allow sssd_t self:fifo_file rw_file_perms;
 +
 +allow sssd_t self:capability { chown dac_read_search dac_override kill net_admin sys_nice setgid setuid sys_admin sys_resource };
- allow sssd_t self:process { setfscreate setsched sigkill signal getsched };
--allow sssd_t self:fifo_file rw_file_perms;
++allow sssd_t self:process { setfscreate setsched sigkill signal getsched setrlimit };
 +allow sssd_t self:fifo_file rw_fifo_file_perms;
 +allow sssd_t self:key manage_key_perms;
  allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
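Review bot: `setrlimit` is added to `allow sssd_t self:process` with no comment saying which limit sssd changes, and the capability line just above it already includes `sys_resource`, so the domain can raise hard limits as well as lower them. A one-line comment above the rule, for example `# sssd adjusts its own rlimits (reference: <bug id>)`, would let a later reviewer decide whether both permissions are still needed. The rest of the sssd local policy is outside this hunk.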
@@ -77731,7 +77763,7 @@ index db75976..ce61aed 100644
 +
 +/var/run/user(/.*)?	gen_context(system_u:object_r:user_tmp_t,s0)
 diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 4b2878a..88476fe 100644
+index 4b2878a..c4d63ba 100644
 --- a/policy/modules/system/userdomain.if
 +++ b/policy/modules/system/userdomain.if
 @@ -30,9 +30,11 @@ template(`userdom_base_user_template',`
@@ -80146,7 +80178,7 @@ index 4b2878a..88476fe 100644
  ##	Create keys for all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -3194,3 +3934,1165 @@ interface(`userdom_dbus_send_all_users',`
+@@ -3194,3 +3934,1201 @@ interface(`userdom_dbus_send_all_users',`
  
  	allow $1 userdomain:dbus send_msg;
  ')
@@ -81312,8 +81344,44 @@ index 4b2878a..88476fe 100644
 +	#	gnome_admin_home_gconf_filetrans($1, home_bin_t, dir, "bin")
 +	#')
 +')
++
++########################################
++## <summary>
++##	Make the specified type able to read content in user home dirs
++## </summary>
++## <param name="type">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`userdom_home_reader',`
++	gen_require(`
++		attribute userdom_home_reader_type;
++	')
++
++	typeattribute $1 userdom_home_reader_type;
++')
++
++########################################
++## <summary>
++##	Make the specified type able to manage content in user home dirs
++## </summary>
++## <param name="type">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`userdom_home_manager',`
++	gen_require(`
++		attribute userdom_home_manager_type;
++	')
++
++	typeattribute $1 userdom_home_manager_type;
++')
 diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
-index 9b4a930..107f262 100644
+index 9b4a930..8525f8a 100644
 --- a/policy/modules/system/userdomain.te
 +++ b/policy/modules/system/userdomain.te
 @@ -7,7 +7,7 @@ policy_module(userdomain, 4.5.2)
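Review bot: The summaries of `userdom_home_reader` and `userdom_home_manager` say the type can read or manage content in user home dirs, but both interfaces only add `$1` to an attribute. The rules visible for those attributes in userdomain.te cover NFS, CIFS and FUSE filesystems, and only while the matching `use_*_home_dirs` boolean is on. I would reword the summaries along the lines of `Add the domain to userdom_home_manager_type; access to NFS/CIFS/FUSE home content is granted in userdomain.te under the use_*_home_dirs booleans`, and rename the parameter from `type` to `domain` to match its description `Domain allowed access.` Other rules on these attributes may exist outside the lines shown.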
@@ -81353,10 +81421,13 @@ index 9b4a930..107f262 100644
  
  # all user domains
  attribute userdomain;
-@@ -59,6 +74,19 @@ attribute unpriv_userdomain;
+@@ -59,6 +74,22 @@ attribute unpriv_userdomain;
  attribute untrusted_content_type;
  attribute untrusted_content_tmp_type;
  
++attribute userdom_home_reader_type;
++attribute userdom_home_manager_type;
++
 +# unprivileged user domains
 +attribute user_home_type;
 +attribute user_tmp_type;
@@ -81373,7 +81444,7 @@ index 9b4a930..107f262 100644
  type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t };
  fs_associate_tmpfs(user_home_dir_t)
  files_type(user_home_dir_t)
-@@ -71,26 +99,77 @@ ubac_constrained(user_home_dir_t)
+@@ -71,26 +102,108 @@ ubac_constrained(user_home_dir_t)
  
  type user_home_t alias { staff_home_t sysadm_home_t secadm_home_t auditadm_home_t unconfined_home_t };
  typealias user_home_t alias { staff_untrusted_content_t sysadm_untrusted_content_t secadm_untrusted_content_t auditadm_untrusted_content_t unconfined_untrusted_content_t };
@@ -81453,6 +81524,37 @@ index 9b4a930..107f262 100644
 +optional_policy(`
 +	xserver_filetrans_home_content(userdomain)
 +')
++
++tunable_policy(`use_nfs_home_dirs',`
++    fs_read_nfs_files(userdom_home_reader_type)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++    fs_read_cifs_files(userdom_home_reader_type)
++')
++
++tunable_policy(`use_fusefs_home_dirs',`
++    fs_read_fusefs_files(userdom_home_reader_type)
++')
++
++tunable_policy(`use_nfs_home_dirs',`
++    fs_list_auto_mountpoints(userdom_home_manager_type)
++    fs_manage_nfs_dirs(userdom_home_manager_type)
++    fs_manage_nfs_files(userdom_home_manager_type)
++    fs_manage_nfs_symlinks(userdom_home_manager_type)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++    fs_manage_cifs_dirs(userdom_home_manager_type)
++    fs_manage_cifs_files(userdom_home_manager_type)
++    fs_manage_cifs_symlinks(userdom_home_manager_type)
++')
++
++tunable_policy(`use_fusefs_home_dirs',`
++    fs_manage_fusefs_dirs(userdom_home_manager_type)
++    fs_manage_fusefs_files(userdom_home_manager_type)
++    fs_manage_fusefs_symlinks(userdom_home_manager_type)
++')
 diff --git a/policy/modules/system/xen.fc b/policy/modules/system/xen.fc
 index a865da7..a5ed06e 100644
 --- a/policy/modules/system/xen.fc
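Review bot: The manager blocks grant `fs_manage_nfs_*`, `fs_manage_cifs_*` and `fs_manage_fusefs_*` to every member of `userdom_home_manager_type`, and these interfaces act on the filesystem type as a whole rather than on home directories. With a boolean on, each member (in this commit `dovecot_t` and `dovecot_deliver_t`) can therefore presumably manage any NFS, CIFS or FUSE mount that carries the default label. A comment above the blocks should say so, e.g. `# applies to all nfs_t/cifs_t/fusefs_t content, not only home dirs; keep attribute membership small`. Two smaller points: `fs_list_auto_mountpoints` appears only in the NFS manager block, and the bodies are indented with spaces where the tunable blocks elsewhere in this patch use tabs.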
diff --git a/selinux-policy.spec b/selinux-policy.spec
index e49622f..a27d796 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.10.0
-Release: 79%{?dist}
+Release: 80%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -466,6 +466,13 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Wed Mar 13 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-80
+- Add own type for rdate port
+- Allow sssd setrlimit
+- Allow jaberrd-router to read kernel network state
+- Started to backport userdom_home_reader and userdom_home_manager concept from f17
+- Allow system_mail to send log msgs
+
 * Wed Mar 7 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-79
 - Allow system_mail to send log msgs
 - Add login_userdomain attribute

