Updates on the file contexts, supporting AMD64 multilib environment
( Patch 10 has been revoked a-la-last-minute, needs further testing )
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
postalias should stay bin_t, is manually executed (no role executes
postfix_master_exec_t as it is only to be launched through init scripts).
The postalias command is used to regenerate the aliases.db file from the
mail aliases and as such is a system administrative activity. However, by
default, no role has execute rights on any postfix_master_exec_t domains as
the domain is apparently meant only to be started from the run_init_t
domain.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Cyrus sasl by default looks in /var/lib/sasl2 for its PID file, socket
creation and lock files.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Update on the file contexts for courier-imap. Also fixes a few context
directives which didn't update the directory itself.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
The alsactl binary is often installed in /usr/sbin instead of /sbin (not a
necessity to start up the system). Used in distributions such as Gentoo,
Slackware and Arch.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
When starting the X server from the console (using the startx script
that is being shipped with package xinit from X.Org), a few more
permissions are needed from the reference policy.
The label is for a file created by the startx script (from X.Org) and
the module being requested is ipv6 (which can be disabled by other
means).
Allow xserver_restricted_role domains to call/start Xorg (using startx), fixes
15-second lag/timeout (needs siginh permission as provided by
xserver_domtrans).
Apparently, the 15-second lag (or some other behavior) was already detected
in the past, giving rise to the SIGINH permission in the xserver_domtrans()
interface.
However, domains that are given the xserver_(restricted_)role do not call
the xserver_domtrans but rather the "standard" domtrans_pattern.
The new patch suggests to use xserver_domtrans in the
xserver_restricted_role, which automatically includes the siginh permission
then.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This patch adds a new interface to the cpufreqselector module
to allow dbus chat. It then uses such interface to allow dbus chat
with system_dbusd_t and xdm_t. This patch also adds some other
permissions needed to run cpufreqselector.
