trunk: 3 patches from dan
This commit is contained in:
Chris PeBenito
parent
d534d35a7e
commit
6649aec9d0
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(logwatch,1.4.1)
|
||||
policy_module(logwatch,1.4.2)
|
||||
|
||||
#################################
|
||||
#
|
||||
|
|
@ -63,6 +63,8 @@ files_search_spool(logwatch_t)
|
|||
files_search_mnt(logwatch_t)
|
||||
files_dontaudit_search_home(logwatch_t)
|
||||
files_dontaudit_search_boot(logwatch_t)
|
||||
# Execs df and if file system mounted with a context avc raised
|
||||
files_dontaudit_search_all_dirs(logwatch_t)
|
||||
|
||||
fs_getattr_all_fs(logwatch_t)
|
||||
fs_dontaudit_list_auto_mountpoints(logwatch_t)
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ ifdef(`distro_redhat', `
|
|||
|
||||
/dev/ataraid/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||
|
||||
/dev/cciss/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||
/dev/cciss/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||
|
||||
/dev/fuse -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||
/dev/floppy/[^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(spamassassin,1.6.0)
|
||||
policy_module(spamassassin,1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -103,6 +103,7 @@ corenet_udp_sendrecv_all_ports(spamd_t)
|
|||
corenet_tcp_bind_all_nodes(spamd_t)
|
||||
corenet_tcp_bind_spamd_port(spamd_t)
|
||||
corenet_tcp_connect_razor_port(spamd_t)
|
||||
corenet_tcp_connect_smtp_port(spamd_t)
|
||||
corenet_sendrecv_razor_client_packets(spamd_t)
|
||||
corenet_sendrecv_spamd_server_packets(spamd_t)
|
||||
# spamassassin 3.1 needs this for its
|
||||
|
|
@ -191,6 +192,11 @@ optional_policy(`
|
|||
dcc_stream_connect_dccifd(spamd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
mysql_search_db(spamd_t)
|
||||
mysql_stream_connect(spamd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nis_use_ypbind(spamd_t)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(iptables,1.3.0)
|
||||
policy_module(iptables,1.3.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -56,6 +56,7 @@ term_dontaudit_use_console(iptables_t)
|
|||
domain_use_interactive_fds(iptables_t)
|
||||
|
||||
files_read_etc_files(iptables_t)
|
||||
files_read_etc_runtime_files(iptables_t)
|
||||
|
||||
init_use_fds(iptables_t)
|
||||
init_use_script_ptys(iptables_t)
|
||||
|
|
@ -83,6 +84,10 @@ ifdef(`targeted_policy', `
|
|||
unconfined_rw_pipes(iptables_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
fail2ban_append_log(iptables_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
firstboot_use_fds(iptables_t)
|
||||
firstboot_rw_pipes(iptables_t)
|
||||
|
|
|
|||
Loading…
Reference in New Issue