nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Amavis patch for connecting to nslcd from Miroslav Grepl.

Browse Source 
* needs to talk to nslcd
* needs sigkill
* executes shell
This commit is contained in:
Chris PeBenito 2011-03-21 10:22:10 -04:00
parent 86460648a6
commit 0037b6084b
3 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Changelog
View File

@ -1,3 +1,4 @@
- Amavis patch for connecting to nslcd from Miroslav Grepl.
- Shorewall patch from Miroslav Grepl.
- Cpufreqselector dbus patch from Guido Trentalancia.
- Cron pam_namespace and pam_loginuid support from Harry Ciao.

2
policy/modules/services/amavis.if
View File

@ -183,7 +183,7 @@ interface(`amavis_setattr_pid_files',`
type amavis_var_run_t;
')
allow $1 amavis_var_run_t:file setattr;
allow $1 amavis_var_run_t:file setattr_file_perms;
files_search_pids($1)
')

13
policy/modules/services/amavis.te
View File

@ -1,4 +1,4 @@
policy_module(amavis, 1.11.0)
policy_module(amavis, 1.11.1)
########################################
#
@ -47,7 +47,7 @@ files_type(amavis_spool_t)
allow amavis_t self:capability { kill chown dac_override setgid setuid };
dontaudit amavis_t self:capability sys_tty_config;
allow amavis_t self:process { signal sigchld signull };
allow amavis_t self:process { signal sigchld sigkill signull };
allow amavis_t self:fifo_file rw_fifo_file_perms;
allow amavis_t self:unix_stream_socket create_stream_socket_perms;
allow amavis_t self:unix_dgram_socket create_socket_perms;
@ -76,7 +76,7 @@ files_search_spool(amavis_t)
# tmp files
manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t)
allow amavis_t amavis_tmp_t:dir setattr;
allow amavis_t amavis_tmp_t:dir setattr_dir_perms;
files_tmp_filetrans(amavis_t, amavis_tmp_t, file)
# var/lib files for amavis
@ -86,7 +86,7 @@ manage_sock_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
files_search_var_lib(amavis_t)
# log files
allow amavis_t amavis_var_log_t:dir setattr;
allow amavis_t amavis_var_log_t:dir setattr_dir_perms;
manage_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
manage_sock_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
@ -105,6 +105,7 @@ kernel_dontaudit_read_system_state(amavis_t)
# find perl
corecmd_exec_bin(amavis_t)
corecmd_exec_shell(amavis_t)
corenet_all_recvfrom_unlabeled(amavis_t)
corenet_all_recvfrom_netlabel(amavis_t)
@ -169,6 +170,10 @@ optional_policy(`
dcc_stream_connect_dccifd(amavis_t)
')
optional_policy(`
nslcd_stream_connect(amavis_t)
')
optional_policy(`
postfix_read_config(amavis_t)
')