more fix
This commit is contained in:
parent
3e639ab08b
commit
d3f715d228
|
@ -188,6 +188,8 @@ optional_policy(`postfix.te',`
|
|||
allow system_mail_t etc_aliases_t:fifo_file create_file_perms;
|
||||
files_create_etc_config(system_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
|
||||
|
||||
domain_use_wide_inherit_fd(system_mail_t)
|
||||
|
||||
optional_policy(`crond.te',`
|
||||
cron_crw_tcp_socket(system_mail_t)
|
||||
')
|
||||
|
@ -204,6 +206,10 @@ optional_policy(`sendmail.te',`
|
|||
# sendmail -q
|
||||
allow system_mail_t mqueue_spool_t:dir rw_dir_perms;
|
||||
allow system_mail_t mqueue_spool_t:file create_file_perms;
|
||||
|
||||
# FIXME:
|
||||
allow system_mail_t sendmail_log_t:file manage_file_perms;
|
||||
logging_create_log(system_mail_t,sendmail_log_t)
|
||||
')
|
||||
|
||||
ifdef(`TODO',`
|
||||
|
|
|
@ -35,6 +35,10 @@ allow sendmail_t self:fifo_file rw_file_perms;
|
|||
allow sendmail_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow sendmail_t self:unix_dgram_socket create_socket_perms;
|
||||
|
||||
allow sendmail_t sendmail_log_t:file create_file_perms;
|
||||
allow sendmail_t sendmail_log_t:dir { rw_dir_perms setattr };
|
||||
logging_create_log(sendmail_t,sendmail_log_t,{ file dir })
|
||||
|
||||
kernel_read_kernel_sysctl(sendmail_t)
|
||||
# for piping mail to a command
|
||||
kernel_read_system_state(sendmail_t)
|
||||
|
@ -102,10 +106,6 @@ ifdef(`targeted_policy',`
|
|||
term_dontaudit_use_generic_pty(sendmail_t)
|
||||
files_dontaudit_read_root_file(sendmail_t)
|
||||
',`
|
||||
allow sendmail_t sendmail_log_t:file create_file_perms;
|
||||
allow sendmail_t sendmail_log_t:dir { rw_dir_perms setattr };
|
||||
logging_create_log(sendmail_t,sendmail_log_t,{ file dir })
|
||||
|
||||
allow sendmail_t sendmail_tmp_t:dir create_dir_perms;
|
||||
allow sendmail_t sendmail_tmp_t:file create_file_perms;
|
||||
files_create_tmp_files(sendmail_t, sendmail_tmp_t, { file dir })
|
||||
|
|
|
@ -292,9 +292,9 @@ kernel_read_kernel_sysctl(syslogd_t)
|
|||
kernel_read_proc_symlinks(syslogd_t)
|
||||
kernel_send_syslog_msg_from(devlog_t,syslogd_t)
|
||||
# Allow access to /proc/kmsg for syslog-ng
|
||||
kernel_read_messages(klogd_t)
|
||||
kernel_clear_ring_buffer(klogd_t)
|
||||
kernel_change_ring_buffer_level(klogd_t)
|
||||
kernel_read_messages(syslogd_t)
|
||||
kernel_clear_ring_buffer(syslogd_t)
|
||||
kernel_change_ring_buffer_level(syslogd_t)
|
||||
|
||||
dev_create_dev_node(syslogd_t,devlog_t,sock_file)
|
||||
dev_read_sysfs(syslogd_t)
|
||||
|
|
|
@ -32,6 +32,8 @@ ifdef(`targeted_policy',`
|
|||
# macros and domains from the "strict" policy.
|
||||
typealias unconfined_t alias { secadm_t sysadm_t };
|
||||
|
||||
files_create_boot_flag(unconfined_t)
|
||||
|
||||
init_domtrans_script(unconfined_t)
|
||||
|
||||
libs_domtrans_ldconfig(unconfined_t)
|
||||
|
@ -104,6 +106,10 @@ ifdef(`targeted_policy',`
|
|||
su_per_userdomain_template(sysadm,unconfined_t,system_r)
|
||||
')
|
||||
|
||||
optional_policy(`usermanage.te',`
|
||||
usermanage_domtrans_admin_passwd(unconfined_t)
|
||||
')
|
||||
|
||||
optional_policy(`webalizer.te',`
|
||||
webalizer_domtrans(unconfined_t)
|
||||
')
|
||||
|
|
Loading…
Reference in New Issue