Amavis patch for connecting to nslcd from Miroslav Grepl.

* needs to talk to nslcd
* needs sigkill
* executes shell
Chris PeBenito 2011-03-21 10:22:10 -04:00
parent 86460648a6
commit 0037b6084b
3 changed files with 11 additions and 5 deletions


@ -1,3 +1,4 @@
- Amavis patch for connecting to nslcd from Miroslav Grepl.
- Shorewall patch from Miroslav Grepl. - Shorewall patch from Miroslav Grepl.
- Cpufreqselector dbus patch from Guido Trentalancia. - Cpufreqselector dbus patch from Guido Trentalancia.
- Cron pam_namespace and pam_loginuid support from Harry Ciao. - Cron pam_namespace and pam_loginuid support from Harry Ciao.


@ -183,7 +183,7 @@ interface(`amavis_setattr_pid_files',`
type amavis_var_run_t; type amavis_var_run_t;
') ')
allow $1 amavis_var_run_t:file setattr; allow $1 amavis_var_run_t:file setattr_file_perms;
files_search_pids($1) files_search_pids($1)
') ')


@ -1,4 +1,4 @@
policy_module(amavis, 1.11.0) policy_module(amavis, 1.11.1)
######################################## ########################################
# #
@ -47,7 +47,7 @@ files_type(amavis_spool_t)
allow amavis_t self:capability { kill chown dac_override setgid setuid }; allow amavis_t self:capability { kill chown dac_override setgid setuid };
dontaudit amavis_t self:capability sys_tty_config; dontaudit amavis_t self:capability sys_tty_config;
allow amavis_t self:process { signal sigchld signull }; allow amavis_t self:process { signal sigchld sigkill signull };
allow amavis_t self:fifo_file rw_fifo_file_perms; allow amavis_t self:fifo_file rw_fifo_file_perms;
allow amavis_t self:unix_stream_socket create_stream_socket_perms; allow amavis_t self:unix_stream_socket create_stream_socket_perms;
allow amavis_t self:unix_dgram_socket create_socket_perms; allow amavis_t self:unix_dgram_socket create_socket_perms;
@ -76,7 +76,7 @@ files_search_spool(amavis_t)
# tmp files # tmp files
manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t) manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t)
allow amavis_t amavis_tmp_t:dir setattr; allow amavis_t amavis_tmp_t:dir setattr_dir_perms;
files_tmp_filetrans(amavis_t, amavis_tmp_t, file) files_tmp_filetrans(amavis_t, amavis_tmp_t, file)
# var/lib files for amavis # var/lib files for amavis
@ -86,7 +86,7 @@ manage_sock_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
files_search_var_lib(amavis_t) files_search_var_lib(amavis_t)
# log files # log files
allow amavis_t amavis_var_log_t:dir setattr; allow amavis_t amavis_var_log_t:dir setattr_dir_perms;
manage_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t) manage_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
manage_sock_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t) manage_sock_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir }) logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
@ -105,6 +105,7 @@ kernel_dontaudit_read_system_state(amavis_t)
# find perl # find perl
corecmd_exec_bin(amavis_t) corecmd_exec_bin(amavis_t)
corecmd_exec_shell(amavis_t)
corenet_all_recvfrom_unlabeled(amavis_t) corenet_all_recvfrom_unlabeled(amavis_t)
corenet_all_recvfrom_netlabel(amavis_t) corenet_all_recvfrom_netlabel(amavis_t)
@ -169,6 +170,10 @@ optional_policy(`
dcc_stream_connect_dccifd(amavis_t) dcc_stream_connect_dccifd(amavis_t)
') ')
optional_policy(`
nslcd_stream_connect(amavis_t)
')
optional_policy(` optional_policy(`
postfix_read_config(amavis_t) postfix_read_config(amavis_t)
') ')
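Review bot: The added `corecmd_exec_shell(amavis_t)` in the `-105,6 +105,7` hunk sits directly under the existing `# find perl` comment, so the policy gives no reason why a domain that processes incoming mail may now execute a shell. As far as I know this interface runs the shell in the caller's domain without a transition, so the shell stays confined by amavis_t. That is worth stating next to the rule, e.g. `# amavis executes a shell; it runs in amavis_t (no domain transition)`. The same applies to `sigkill` added to `self:process` in the `-47,7 +47,7` hunk, where a comment such as `# amavis sends SIGKILL to processes in its own domain` would help, with the reason confirmed against the denial that prompted the change. With both rationales in the policy, a later audit can tell intended access from drift.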