Procmail patch from Dan Walsh.

2010-05-20 08:17:06 -04:00 · 2010-05-20 08:17:06 -04:00 · b276e36914
parent e19b8d1c2e
commit b276e36914
1 changed files with 5 additions and 4 deletions
--- a/policy/modules/services/procmail.te
+++ b/policy/modules/services/procmail.te
@ -1,5 +1,5 @@
-policy_module(procmail, 1.11.0)
+policy_module(procmail, 1.11.1)
 ########################################
 #
@ -22,7 +22,7 @@ files_tmp_file(procmail_tmp_t)
 # Local policy
 #
-allow procmail_t self:capability { sys_nice chown setuid setgid dac_override };
+allow procmail_t self:capability { sys_nice chown fsetid setuid setgid dac_override };
 allow procmail_t self:process { setsched signal signull };
 allow procmail_t self:fifo_file rw_fifo_file_perms;
 allow procmail_t self:unix_stream_socket create_socket_perms;
@ -92,6 +92,7 @@ userdom_user_home_dir_filetrans_user_home_content(procmail_t, { dir file lnk_fil
 userdom_dontaudit_search_user_home_dirs(procmail_t)
 mta_manage_spool(procmail_t)
 mta_read_queue(procmail_t)
 ifdef(`hide_broken_symptoms',`
 	mta_dontaudit_rw_queue(procmail_t)
@ -136,8 +137,8 @@ optional_policy(`
 	mta_read_config(procmail_t)
 	sendmail_domtrans(procmail_t)
 	sendmail_signal(procmail_t)
-	sendmail_rw_tcp_sockets(procmail_t)
+	sendmail_dontaudit_rw_tcp_sockets(procmail_t)
-	sendmail_rw_unix_stream_sockets(procmail_t)
+	sendmail_dontaudit_rw_unix_stream_sockets(procmail_t)
 ')
 optional_policy(`