From f79314234aace7726f7fe8ba3613773aac3df4a2 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Feb 11 2009 19:28:30 +0000 Subject: trunk: 6 patches from dan. --- diff --git a/policy/modules/apps/awstats.te b/policy/modules/apps/awstats.te index 8b1cbb2..1b39adc 100644 --- a/policy/modules/apps/awstats.te +++ b/policy/modules/apps/awstats.te @@ -1,5 +1,5 @@ -policy_module(awstats, 1.0.0) +policy_module(awstats, 1.0.1) ######################################## # @@ -47,6 +47,8 @@ files_read_etc_files(awstats_t) # e.g. /usr/share/awstats/lang/awstats-en.txt files_read_usr_files(awstats_t) +fs_list_inotifyfs(awstats_t) + libs_read_lib_files(awstats_t) miscfiles_read_localization(awstats_t) diff --git a/policy/modules/apps/webalizer.te b/policy/modules/apps/webalizer.te index 2bee666..46bd829 100644 --- a/policy/modules/apps/webalizer.te +++ b/policy/modules/apps/webalizer.te @@ -1,5 +1,5 @@ -policy_module(webalizer, 1.8.2) +policy_module(webalizer, 1.8.3) ######################################## # @@ -68,6 +68,8 @@ corenet_tcp_sendrecv_all_ports(webalizer_t) fs_search_auto_mountpoints(webalizer_t) fs_getattr_xattr_fs(webalizer_t) +fs_rw_anon_inodefs_files(webalizer_t) +fs_list_inotifyfs(webalizer_t) files_read_etc_files(webalizer_t) files_read_etc_runtime_files(webalizer_t) diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te index ba949bc..115741f 100644 --- a/policy/modules/services/apm.te +++ b/policy/modules/services/apm.te @@ -1,5 +1,5 @@ -policy_module(apm, 1.9.0) +policy_module(apm, 1.9.1) ######################################## # @@ -181,7 +181,7 @@ optional_policy(` ') optional_policy(` - dbus_stub(apmd_t) + dbus_system_bus_client(apmd_t) optional_policy(` consolekit_dbus_chat(apmd_t) diff --git a/policy/modules/services/cyphesis.fc b/policy/modules/services/cyphesis.fc index 74a8802..c47a772 100644 --- a/policy/modules/services/cyphesis.fc +++ b/policy/modules/services/cyphesis.fc @@ -1 +1,5 @@ /usr/bin/cyphesis -- gen_context(system_u:object_r:cyphesis_exec_t,s0) + +/var/log/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_log_t,s0) + +/var/run/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_var_run_t,s0) diff --git a/policy/modules/services/cyphesis.te b/policy/modules/services/cyphesis.te index 8f02eb5..a66e4d9 100644 --- a/policy/modules/services/cyphesis.te +++ b/policy/modules/services/cyphesis.te @@ -1,5 +1,5 @@ -policy_module(cyphesis, 1.1.1) +policy_module(cyphesis, 1.1.2) ######################################## # diff --git a/policy/modules/services/ldap.te b/policy/modules/services/ldap.te index 21e80ad..4830af9 100644 --- a/policy/modules/services/ldap.te +++ b/policy/modules/services/ldap.te @@ -1,5 +1,5 @@ -policy_module(ldap, 1.9.2) +policy_module(ldap, 1.9.3) ######################################## # @@ -117,7 +117,11 @@ userdom_dontaudit_use_unpriv_user_fds(slapd_t) userdom_dontaudit_search_user_home_dirs(slapd_t) optional_policy(` - kerberos_use(slapd_t) + kerberos_keytab_template(slapd, slapd_t) +') + +optional_policy(` + sasl_connect(slapd_t) ') optional_policy(` diff --git a/policy/modules/services/telnet.te b/policy/modules/services/telnet.te index f472ca9..b88e6ad 100644 --- a/policy/modules/services/telnet.te +++ b/policy/modules/services/telnet.te @@ -1,5 +1,5 @@ -policy_module(telnet, 1.8.2) +policy_module(telnet, 1.8.3) ######################################## # @@ -87,8 +87,8 @@ remotelogin_domtrans(telnetd_t) userdom_search_user_home_dirs(telnetd_t) optional_policy(` - kerberos_use(telnetd_t) - kerberos_read_keytab(telnetd_t) + kerberos_keytab_template(telnetd, telnetd_t) + kerberos_manage_host_rcache(telnetd_t) ') tunable_policy(`use_nfs_home_dirs',`