From 657c226c4009b14e98cb886b86d7a85ded259e3d Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Nov 06 2008 22:36:50 +0000 Subject: trunk: 7 patches from dan. --- diff --git a/policy/modules/services/fetchmail.if b/policy/modules/services/fetchmail.if index bee8324..6537214 100644 --- a/policy/modules/services/fetchmail.if +++ b/policy/modules/services/fetchmail.if @@ -21,10 +21,10 @@ interface(`fetchmail_admin',` ps_process_pattern($1, fetchmail_t) files_list_etc($1) - manage_files_pattern($1, fetchmail_etc_t, fetchmail_etc_t) + admin_pattern($1, fetchmail_etc_t) - manage_files_pattern($1, fetchmail_uidl_cache_t, fetchmail_uidl_cache_t) + admin_pattern($1, fetchmail_uidl_cache_t) files_list_pids($1) - manage_files_pattern($1, fetchmail_var_run_t, fetchmail_var_run_t) + admin_pattern($1, fetchmail_var_run_t) ') diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te index 3ee6d4b..a844c31 100644 --- a/policy/modules/services/fetchmail.te +++ b/policy/modules/services/fetchmail.te @@ -1,5 +1,5 @@ -policy_module(fetchmail, 1.7.1) +policy_module(fetchmail, 1.7.2) ######################################## # @@ -87,6 +87,10 @@ optional_policy(` ') optional_policy(` + sendmail_manage_log(fetchmail_t) +') + +optional_policy(` seutil_sigchld_newrole(fetchmail_t) ') diff --git a/policy/modules/services/portmap.te b/policy/modules/services/portmap.te index e9af057..78fac53 100644 --- a/policy/modules/services/portmap.te +++ b/policy/modules/services/portmap.te @@ -1,5 +1,5 @@ -policy_module(portmap, 1.7.1) +policy_module(portmap, 1.7.2) ######################################## # 
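Review bot: The three `admin_pattern($1, ...)` calls in `fetchmail_admin` grant more than the `manage_files_pattern` lines they replace. As I recall the macro, it also covers directories, symlinks, fifos and sockets of the type and adds relabel permission, so the caller can now relabel fetchmail's configuration, UIDL cache and pid files. That is probably what an admin interface should allow, but the wider scope should be written down next to the calls, for example `# admin_pattern: manage and relabel every object class of these types`. The interface's header and documentation block start outside the hunk, so I cannot tell whether its summary already says this.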
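Review bot: `sendmail_manage_log(fetchmail_t)` in the new `optional_policy` block gives fetchmail, which parses mail from remote servers, manage access to sendmail's log files. Judging by the interface name, that includes rewriting and deleting them, so a compromised `fetchmail_t` could alter another service's log trail. If the denial being fixed is only fetchmail writing log lines, an append-only or create/write interface on the sendmail log type would be the tighter grant. Either way the block needs a comment recording the reason, e.g. `# <observed denial / why fetchmail touches the sendmail log>`.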
@@ -41,9 +41,8 @@ files_tmp_filetrans(portmap_t, portmap_tmp_t, { file dir }) manage_files_pattern(portmap_t, portmap_var_run_t, portmap_var_run_t) files_pid_filetrans(portmap_t, portmap_var_run_t, file) +kernel_read_system_state(portmap_t) kernel_read_kernel_sysctls(portmap_t) -kernel_list_proc(portmap_t) -kernel_read_proc_symlinks(portmap_t) corenet_all_recvfrom_unlabeled(portmap_t) corenet_all_recvfrom_netlabel(portmap_t) diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te index c247f4f..a2a742e 100644 --- a/policy/modules/services/radius.te +++ b/policy/modules/services/radius.te @@ -1,5 +1,5 @@ -policy_module(radius, 1.9.1) +policy_module(radius, 1.9.2) ######################################## # @@ -59,8 +59,9 @@ logging_log_filetrans(radiusd_t, radiusd_log_t,{ file dir }) manage_files_pattern(radiusd_t, radiusd_var_lib_t, radiusd_var_lib_t) +manage_sock_files_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t) manage_files_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t) -files_pid_filetrans(radiusd_t, radiusd_var_run_t, file) +files_pid_filetrans(radiusd_t, radiusd_var_run_t, { file sock_file }) kernel_read_kernel_sysctls(radiusd_t) kernel_read_system_state(radiusd_t) diff --git a/policy/modules/services/rpcbind.fc b/policy/modules/services/rpcbind.fc index 7bcfe6f..f5c47d6 100644 --- a/policy/modules/services/rpcbind.fc +++ b/policy/modules/services/rpcbind.fc @@ -1,4 +1,4 @@ -/etc/rc.d/init.d/rpcbind -- gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0) +/etc/rc\.d/init\.d/rpcbind -- gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0) /sbin/rpcbind -- gen_context(system_u:object_r:rpcbind_exec_t,s0) diff --git a/policy/modules/services/rpcbind.te b/policy/modules/services/rpcbind.te index f24332f..17f2edc 100644 --- a/policy/modules/services/rpcbind.te +++ b/policy/modules/services/rpcbind.te 
@@ -1,5 +1,5 @@ -policy_module(rpcbind, 1.2.0) +policy_module(rpcbind, 1.2.1) ######################################## # @@ -60,6 +60,7 @@ corenet_udp_bind_all_rpc_ports(rpcbind_t) domain_use_interactive_fds(rpcbind_t) files_read_etc_files(rpcbind_t) +files_read_etc_runtime_files(rpcbind_t) logging_send_syslog_msg(rpcbind_t) diff --git a/policy/modules/services/rsync.fc b/policy/modules/services/rsync.fc index 503812f..89e09a5 100644 --- a/policy/modules/services/rsync.fc +++ b/policy/modules/services/rsync.fc @@ -3,4 +3,4 @@ /var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0) -/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_log_t,s0) +/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0) diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te index dcd0d1e..0858b16 100644 --- a/policy/modules/services/rsync.te +++ b/policy/modules/services/rsync.te @@ -1,5 +1,5 @@ -policy_module(rsync, 1.7.0) +policy_module(rsync, 1.7.1) ######################################## # @@ -45,7 +45,7 @@ files_pid_file(rsync_var_run_t) # Local policy # -allow rsync_t self:capability { dac_read_search dac_override setuid setgid sys_chroot }; +allow rsync_t self:capability { chown dac_read_search dac_override fowner fsetid setuid setgid sys_chroot }; allow rsync_t self:process signal_perms; allow rsync_t self:fifo_file rw_fifo_file_perms; allow rsync_t self:tcp_socket create_stream_socket_perms; diff --git a/policy/modules/services/sysstat.te b/policy/modules/services/sysstat.te index dbdd85a..9d27e15 100644 --- a/policy/modules/services/sysstat.te +++ b/policy/modules/services/sysstat.te @@ -1,5 +1,5 @@ -policy_module(sysstat, 1.3.1) +policy_module(sysstat, 1.3.2) ######################################## # @@ -47,6 +47,7 @@ files_read_etc_runtime_files(sysstat_t) files_read_etc_files(sysstat_t) fs_getattr_xattr_fs(sysstat_t) +fs_list_inotifyfs(sysstat_t) term_use_console(sysstat_t) term_use_all_terms(sysstat_t) 
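Review bot: Changing `/var/run/rsyncd\.lock` to `rsync_var_run_t` in rsync.fc only affects what a relabel assigns. A lock file that rsync creates at runtime gets this type only if rsync.te also has a rule of the form `files_pid_filetrans(rsync_t, rsync_var_run_t, file)` and manage access on the type. The rsync.te hunk in this commit shows only `files_pid_file(rsync_var_run_t)` in its context, so please confirm both rules exist outside the hunk. Existing lock files will keep `rsync_log_t` until they are relabelled, so the update needs a `restorecon` on that path.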
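Review bot: The `allow rsync_t self:capability` line now adds `chown fowner fsetid` unconditionally, on top of the existing `dac_override`. That lets a network-facing daemon change ownership and bypass owner checks on any file its type-enforcement rules let it write. If the three capabilities are only needed when rsync receives files with preserved ownership and modes, consider moving them to a separate `allow` inside a `tunable_policy` block so read-only servers do not carry them. At minimum, add a comment above the rule such as `# chown/fowner/fsetid: preserve ownership and mode bits on received files` once that reason is confirmed.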
diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te index 67b736a..5c80ded 100644 --- a/policy/modules/services/tftp.te +++ b/policy/modules/services/tftp.te @@ -1,5 +1,5 @@ -policy_module(tftp, 1.9.1) +policy_module(tftp, 1.9.2) ######################################## # @@ -75,6 +75,7 @@ fs_search_auto_mountpoints(tftpd_t) domain_use_interactive_fds(tftpd_t) files_read_etc_files(tftpd_t); +files_read_etc_runtime_files(tftpd_t); files_read_var_files(tftpd_t) files_read_var_symlinks(tftpd_t) files_search_var(tftpd_t)
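Review bot: The added line `files_read_etc_runtime_files(tftpd_t);` copies the stray trailing semicolon from the `files_read_etc_files(tftpd_t);` line above it. Interface calls are m4 macro invocations and the other lines in this hunk, such as `files_read_var_files(tftpd_t)`, are written without one. Write the new line as `files_read_etc_runtime_files(tftpd_t)` and drop the semicolon from the neighbouring line in the same change so the block is consistent.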