Sasl patch from Dan Walsh.

2010-03-22 11:22:25 -04:00 · 2010-03-22 11:22:25 -04:00 · cf7eb082d2
parent 449d2069ac
commit cf7eb082d2
1 changed files with 3 additions and 12 deletions
--- a/policy/modules/services/sasl.te
+++ b/policy/modules/services/sasl.te
@ -1,5 +1,5 @@

-policy_module(sasl, 1.12.0)
+policy_module(sasl, 1.12.1)

 ########################################
 #
@ -31,7 +31,7 @@ files_pid_file(saslauthd_var_run_t)
 # Local policy
 #

-allow saslauthd_t self:capability setuid;
+allow saslauthd_t self:capability { setgid setuid };
 dontaudit saslauthd_t self:capability sys_tty_config;
 allow saslauthd_t self:process signal_perms;
 allow saslauthd_t self:fifo_file rw_fifo_file_perms;
@ -58,7 +58,6 @@ corenet_tcp_sendrecv_all_ports(saslauthd_t)
 corenet_tcp_connect_pop_port(saslauthd_t)
 corenet_sendrecv_pop_client_packets(saslauthd_t)

-dev_read_sysfs(saslauthd_t)
 dev_read_urand(saslauthd_t)

 fs_getattr_all_fs(saslauthd_t)
@ -66,8 +65,7 @@ fs_search_auto_mountpoints(saslauthd_t)

 selinux_compute_access_vector(saslauthd_t)

-auth_domtrans_chk_passwd(saslauthd_t)
-auth_use_nsswitch(saslauthd_t)
+auth_use_pam(saslauthd_t)

 domain_use_interactive_fds(saslauthd_t)

@ -86,8 +84,6 @@ miscfiles_read_certs(saslauthd_t)

 seutil_dontaudit_read_config(saslauthd_t)

-sysnet_read_config(saslauthd_t)
-
 userdom_dontaudit_use_unpriv_user_fds(saslauthd_t)
 userdom_dontaudit_search_user_home_dirs(saslauthd_t)

@ -99,7 +95,6 @@ tunable_policy(`allow_saslauthd_read_shadow',`

 optional_policy(`
 	kerberos_keytab_template(saslauthd, saslauthd_t)
-	kerberos_manage_host_rcache(saslauthd_t)
 ')

 optional_policy(`
@ -107,10 +102,6 @@ optional_policy(`
 	mysql_stream_connect(saslauthd_t)
 ')

-optional_policy(`
-	nis_authenticate(saslauthd_t)
-')
-
 optional_policy(`
 	seutil_sigchld_newrole(saslauthd_t)
 ')