diff --git a/Changelog b/Changelog
index 729781f..1d200f1 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- RPC update from Vaclav Ovsik.
 - Exim updates on Debian from Devin Carrawy.
 - Pam and samba updates from Stefan Schulze Frielinghaus.
 - Backup update on Debian from Vaclav Ovsik.
diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc
index 9dc1709..629f473 100644
--- a/policy/modules/services/rpc.fc
+++ b/policy/modules/services/rpc.fc
@@ -7,6 +7,7 @@
 # /sbin
 #
 /sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0)
+/sbin/sm-notify -- gen_context(system_u:object_r:rpcd_exec_t,s0)
 #
 # /usr
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
index b01f613..067b02a 100644
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -1,5 +1,5 @@
-policy_module(rpc,1.7.0)
+policy_module(rpc,1.7.1)
 ########################################
 #
@@ -60,10 +60,15 @@ allow rpcd_t rpcd_var_run_t:dir setattr;
 manage_files_pattern(rpcd_t,rpcd_var_run_t,rpcd_var_run_t)
 files_pid_filetrans(rpcd_t,rpcd_var_run_t,file)
+# rpc.statd executes sm-notify
+can_exec(rpcd_t, rpcd_exec_t)
+corecmd_search_bin(rpcd_t)
+
 kernel_read_system_state(rpcd_t)
 kernel_search_network_state(rpcd_t)
 # for rpc.rquotad
 kernel_read_sysctl(rpcd_t)
+kernel_rw_fs_sysctls(rpcd_t)
 fs_list_rpc(rpcd_t)
 fs_read_rpc_files(rpcd_t)
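Review bot: In the rpc.fc hunk the new `/sbin/sm-notify` entry gives the helper the same `rpcd_exec_t` entrypoint type as the `rpc.*` daemons, so any domain that already transitions to `rpcd_t` on that type will presumably run sm-notify with the full daemon domain as well. A one-line comment above the entry, such as `# sm-notify is started by rpc.statd and shares the rpcd_t domain`, would record that this is a deliberate choice rather than a side effect of reusing the label. The entry covers only `/sbin`; the `/usr` section begins on the last line of the hunk and continues outside it, so whether a `/usr/sbin` install location needs the same label cannot be checked from here.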
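Review bot: `kernel_rw_fs_sysctls(rpcd_t)` in the second rpc.te hunk gives write access to the filesystem sysctls to a domain shared by all the RPC daemons, and nothing in the hunk says which program needs it; sitting directly under `# for rpc.rquotad` it reads as if that comment covered it. I would give the line its own comment naming the consumer, in the form `# <program> writes <sysctl path>`, and confirm that read-only access is not enough. `can_exec(rpcd_t, rpcd_exec_t)` similarly lets every rpcd_t program execute any file labelled rpcd_exec_t without a transition, which is wider than the single statd-to-sm-notify case the added comment describes; a dedicated type for sm-notify would keep that grant narrower. The rpcd_t local policy block starts before this hunk and continues after it.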