Amavis patch for connecting to nslcd from Miroslav Grepl.
* needs to talk to nslcd * needs sigkill * executes shell
This commit is contained in:
Chris PeBenito
parent
86460648a6
commit
0037b6084b
|
|
@ -1,3 +1,4 @@
|
|||
- Amavis patch for connecting to nslcd from Miroslav Grepl.
|
||||
- Shorewall patch from Miroslav Grepl.
|
||||
- Cpufreqselector dbus patch from Guido Trentalancia.
|
||||
- Cron pam_namespace and pam_loginuid support from Harry Ciao.
|
||||
|
|
|
|||
|
|
@ -183,7 +183,7 @@ interface(`amavis_setattr_pid_files',`
|
|||
type amavis_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 amavis_var_run_t:file setattr;
|
||||
allow $1 amavis_var_run_t:file setattr_file_perms;
|
||||
files_search_pids($1)
|
||||
')
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
policy_module(amavis, 1.11.0)
|
||||
policy_module(amavis, 1.11.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -47,7 +47,7 @@ files_type(amavis_spool_t)
|
|||
|
||||
allow amavis_t self:capability { kill chown dac_override setgid setuid };
|
||||
dontaudit amavis_t self:capability sys_tty_config;
|
||||
allow amavis_t self:process { signal sigchld signull };
|
||||
allow amavis_t self:process { signal sigchld sigkill signull };
|
||||
allow amavis_t self:fifo_file rw_fifo_file_perms;
|
||||
allow amavis_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow amavis_t self:unix_dgram_socket create_socket_perms;
|
||||
|
|
@ -76,7 +76,7 @@ files_search_spool(amavis_t)
|
|||
|
||||
# tmp files
|
||||
manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t)
|
||||
allow amavis_t amavis_tmp_t:dir setattr;
|
||||
allow amavis_t amavis_tmp_t:dir setattr_dir_perms;
|
||||
files_tmp_filetrans(amavis_t, amavis_tmp_t, file)
|
||||
|
||||
# var/lib files for amavis
|
||||
|
|
@ -86,7 +86,7 @@ manage_sock_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
|
|||
files_search_var_lib(amavis_t)
|
||||
|
||||
# log files
|
||||
allow amavis_t amavis_var_log_t:dir setattr;
|
||||
allow amavis_t amavis_var_log_t:dir setattr_dir_perms;
|
||||
manage_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
|
||||
manage_sock_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
|
||||
logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
|
||||
|
|
@ -105,6 +105,7 @@ kernel_dontaudit_read_system_state(amavis_t)
|
|||
|
||||
# find perl
|
||||
corecmd_exec_bin(amavis_t)
|
||||
corecmd_exec_shell(amavis_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(amavis_t)
|
||||
corenet_all_recvfrom_netlabel(amavis_t)
|
||||
|
|
@ -169,6 +170,10 @@ optional_policy(`
|
|||
dcc_stream_connect_dccifd(amavis_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nslcd_stream_connect(amavis_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
postfix_read_config(amavis_t)
|
||||
')
|
||||
|
|
|
|||
Loading…
Reference in New Issue