diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te index 889e581..a725aff 100644 --- a/policy/modules/admin/vpn.te +++ b/policy/modules/admin/vpn.te @@ -1,5 +1,5 @@ -policy_module(vpn,1.6.0) +policy_module(vpn,1.6.1) ######################################## # @@ -82,6 +82,8 @@ files_read_etc_runtime_files(vpnc_t) files_read_etc_files(vpnc_t) files_dontaudit_search_home(vpnc_t) +auth_use_nsswitch(vpnc_t) + libs_exec_ld_so(vpnc_t) libs_exec_lib_files(vpnc_t) libs_use_ld_so(vpnc_t) @@ -110,11 +112,3 @@ optional_policy(` networkmanager_dbus_chat(vpnc_t) ') ') - -optional_policy(` - nis_use_ypbind(vpnc_t) -') - -optional_policy(` - nscd_socket_use(vpnc_t) -') diff --git a/policy/modules/apps/thunderbird.if b/policy/modules/apps/thunderbird.if index 80e87d5..ee4d4b2 100644 --- a/policy/modules/apps/thunderbird.if +++ b/policy/modules/apps/thunderbird.if @@ -62,7 +62,6 @@ template(`thunderbird_per_role_template',` allow $1_thunderbird_t self:unix_stream_socket { create accept connect write getattr read listen bind }; allow $1_thunderbird_t self:tcp_socket create_socket_perms; allow $1_thunderbird_t self:shm { read write create destroy unix_read unix_write }; - allow $1_thunderbird_t self:netlink_route_socket r_netlink_socket_perms; # Access ~/.thunderbird manage_dirs_pattern($1_thunderbird_t,$1_thunderbird_home_t,$1_thunderbird_home_t) @@ -146,16 +145,14 @@ template(`thunderbird_per_role_template',` # Access ~/.thunderbird fs_search_auto_mountpoints($1_thunderbird_t) + auth_use_nsswitch($1_thunderbird_t) + libs_use_shared_libs($1_thunderbird_t) libs_use_ld_so($1_thunderbird_t) miscfiles_read_fonts($1_thunderbird_t) miscfiles_read_localization($1_thunderbird_t) - sysnet_read_config($1_thunderbird_t) - # Allow DNS - sysnet_dns_name_resolve($1_thunderbird_t) - userdom_manage_user_tmp_dirs($1,$1_thunderbird_t) userdom_read_user_tmp_files($1,$1_thunderbird_t) userdom_write_user_tmp_sockets($1,$1_thunderbird_t) 
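Review bot: `auth_use_nsswitch(vpnc_t)` looks like a wider grant than the two optional rules it replaces, so this hunk may be widening vpnc_t rather than only consolidating it. The rules removed at the end of vpn.te gave vpnc_t only `nis_use_ypbind` and `nscd_socket_use`, whereas the nsswitch interface presumably covers every lookup backend (other files in this commit drop `sysnet_dns_name_resolve` and `sysnet_use_ldap` in favour of it). The same applies to the rshd_t hunk in rshd.te and the winbind_helper_t hunk in samba.te, where the only rules removed are `nscd_socket_use` (plus `sysnet_read_config` for rshd_t). If the extra access is intended, say so in the commit message or with a comment such as `# nsswitch lookups: also permits DNS/LDAP/NIS backends`.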
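Review bot: The `# Allow DNS` comment is removed together with `sysnet_dns_name_resolve`, and the `auth_use_nsswitch($1_thunderbird_t)` line that presumably takes over name resolution carries no comment saying so. A one-line comment above it, for example `# Name service lookups (DNS, NIS, nscd) go through nsswitch`, would keep that visible to whoever audits the template next. The template body starts and ends outside this hunk.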
@@ -341,14 +338,6 @@ template(`thunderbird_per_role_template',` mozilla_dbus_chat($1, $1_thunderbird_t) ') - optional_policy(` - nis_use_ypbind($1_thunderbird_t) - ') - - optional_policy(` - nscd_socket_use($1_thunderbird_t) - ') - ifdef(`TODO',` # FIXME: Rules were removed to centralize policy in a gnome_app macro # A similar thing might be necessary for mozilla compiled without GNOME diff --git a/policy/modules/apps/thunderbird.te b/policy/modules/apps/thunderbird.te index eeb4681..ef28806 100644 --- a/policy/modules/apps/thunderbird.te +++ b/policy/modules/apps/thunderbird.te @@ -1,5 +1,5 @@ -policy_module(thunderbird,1.4.1) +policy_module(thunderbird,1.4.2) ######################################## # diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if index b701897..c000e40 100644 --- a/policy/modules/services/mta.if +++ b/policy/modules/services/mta.if @@ -87,6 +87,8 @@ template(`mta_base_mail_template',` # It wants to check for nscd files_dontaudit_search_pids($1_mail_t) + auth_use_nsswitch($1_mail_t) + libs_use_ld_so($1_mail_t) libs_use_shared_libs($1_mail_t) @@ -94,17 +96,6 @@ template(`mta_base_mail_template',` miscfiles_read_localization($1_mail_t) - sysnet_read_config($1_mail_t) - sysnet_dns_name_resolve($1_mail_t) - - optional_policy(` - nis_use_ypbind($1_mail_t) - ') - - optional_policy(` - nscd_socket_use($1_mail_t) - ') - optional_policy(` postfix_domtrans_user_mail_handler($1_mail_t) ') diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te index 01bfa9f..fb5475d 100644 --- a/policy/modules/services/mta.te +++ b/policy/modules/services/mta.te @@ -1,5 +1,5 @@ -policy_module(mta,1.8.1) +policy_module(mta,1.8.2) ######################################## # diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te index 2d60404..98a82ac 100644 --- a/policy/modules/services/postgresql.te +++ b/policy/modules/services/postgresql.te 
@@ -1,5 +1,5 @@ -policy_module(postgresql,1.4.2) +policy_module(postgresql,1.4.3) ################################# # @@ -42,7 +42,6 @@ allow postgresql_t self:tcp_socket create_stream_socket_perms; allow postgresql_t self:udp_socket create_stream_socket_perms; allow postgresql_t self:unix_dgram_socket create_socket_perms; allow postgresql_t self:unix_stream_socket create_stream_socket_perms; -allow postgresql_t self:netlink_route_socket r_netlink_socket_perms; manage_dirs_pattern(postgresql_t,postgresql_db_t,postgresql_db_t) manage_files_pattern(postgresql_t,postgresql_db_t,postgresql_db_t) @@ -116,6 +115,8 @@ files_search_etc(postgresql_t) files_read_etc_runtime_files(postgresql_t) files_read_usr_files(postgresql_t) +auth_use_nsswitch(postgresql_t) + init_read_utmp(postgresql_t) libs_use_ld_so(postgresql_t) @@ -127,9 +128,6 @@ miscfiles_read_localization(postgresql_t) seutil_dontaudit_search_config(postgresql_t) -sysnet_read_config(postgresql_t) -sysnet_use_ldap(postgresql_t) - userdom_dontaudit_search_sysadm_home_dirs(postgresql_t) userdom_dontaudit_use_sysadm_ttys(postgresql_t) userdom_dontaudit_use_unpriv_user_fds(postgresql_t) @@ -162,10 +160,6 @@ optional_policy(` ') optional_policy(` - nis_use_ypbind(postgresql_t) -') - -optional_policy(` seutil_sigchld_newrole(postgresql_t) ') diff --git a/policy/modules/services/rshd.te b/policy/modules/services/rshd.te index b9abd31..08b6841 100644 --- a/policy/modules/services/rshd.te +++ b/policy/modules/services/rshd.te @@ -1,5 +1,5 @@ -policy_module(rshd,1.4.1) +policy_module(rshd,1.4.2) ######################################## # @@ -52,6 +52,8 @@ files_list_home(rshd_t) files_read_etc_files(rshd_t) files_search_tmp(rshd_t) +auth_use_nsswitch(rshd_t) + libs_use_ld_so(rshd_t) libs_use_shared_libs(rshd_t) 
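Review bot: The postgresql.te hunk that adds `auth_use_nsswitch(postgresql_t)` relies on that interface to replace rules whose coverage is not shown in this diff. `sysnet_read_config`, `sysnet_use_ldap`, `nis_use_ypbind` and the `netlink_route_socket r_netlink_socket_perms` self rule are all removed from postgresql.te, and authlogin.if is not part of the change. Please confirm the interface grants each of them, since a gap would show up only as AVC denials at runtime, for instance when LDAP-backed lookups are configured. The same check applies to the sendmail.te hunks and the thunderbird.if template, which drop the same netlink and sysnet rules.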
@@ -62,8 +64,6 @@ miscfiles_read_localization(rshd_t) seutil_read_config(rshd_t) seutil_read_default_contexts(rshd_t) -sysnet_read_config(rshd_t) - userdom_search_all_users_home_content(rshd_t) tunable_policy(`use_nfs_home_dirs',` @@ -81,10 +81,6 @@ optional_policy(` ') optional_policy(` - nscd_socket_use(rshd_t) -') - -optional_policy(` tcpd_wrapped_domain(rshd_t,rshd_exec_t) ') diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te index 19aaa10..38c6b4d 100644 --- a/policy/modules/services/samba.te +++ b/policy/modules/services/samba.te @@ -1,5 +1,5 @@ -policy_module(samba,1.6.3) +policy_module(samba,1.6.4) ################################# # @@ -197,10 +197,6 @@ optional_policy(` kerberos_use(samba_net_t) ') -optional_policy(` - nscd_socket_use(samba_net_t) -') - ######################################## # # smbd Local policy @@ -728,10 +724,6 @@ optional_policy(` ') optional_policy(` - nscd_socket_use(winbind_t) -') - -optional_policy(` seutil_sigchld_newrole(winbind_t) ') @@ -760,6 +752,8 @@ term_list_ptys(winbind_helper_t) domain_use_interactive_fds(winbind_helper_t) +auth_use_nsswitch(winbind_helper_t) + libs_use_ld_so(winbind_helper_t) libs_use_shared_libs(winbind_helper_t) @@ -768,10 +762,6 @@ logging_send_syslog_msg(winbind_helper_t) miscfiles_read_localization(winbind_helper_t) optional_policy(` - nscd_socket_use(winbind_helper_t) -') - -optional_policy(` squid_read_log(winbind_helper_t) squid_append_log(winbind_helper_t) ') diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te index 5fce93b..d1c8e55 100644 --- a/policy/modules/services/sendmail.te +++ b/policy/modules/services/sendmail.te @@ -1,5 +1,5 @@ -policy_module(sendmail,1.6.1) +policy_module(sendmail,1.6.2) ######################################## # 
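Review bot: Only winbind_helper_t gains `auth_use_nsswitch` in samba.te, while the earlier hunks of the file remove `nscd_socket_use` from samba_net_t and winbind_t with no replacement visible. The xdm_t hunks in xserver.te (which also drop the `netlink_route_socket` rule), the pam_t hunk in authlogin.te and the mount_t hunk in mount.te are in the same position. Presumably those domains already call `auth_use_nsswitch` in lines outside the diff; that should be confirmed, because otherwise nscd and NIS lookups in login-path domains will be denied. Those three files also have no `policy_module` version bump in this diff, unlike the other modules touched.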
@@ -32,7 +32,6 @@ allow sendmail_t self:unix_stream_socket create_stream_socket_perms; allow sendmail_t self:unix_dgram_socket create_socket_perms; allow sendmail_t self:tcp_socket create_stream_socket_perms; allow sendmail_t self:udp_socket create_socket_perms; -allow sendmail_t self:netlink_route_socket r_netlink_socket_perms; allow sendmail_t sendmail_log_t:dir setattr; manage_files_pattern(sendmail_t,sendmail_log_t,sendmail_log_t) @@ -84,6 +83,8 @@ init_use_script_ptys(sendmail_t) init_read_utmp(sendmail_t) init_dontaudit_write_utmp(sendmail_t) +auth_use_nsswitch(sendmail_t) + libs_use_ld_so(sendmail_t) libs_use_shared_libs(sendmail_t) # Read /usr/lib/sasl2/.* @@ -94,9 +95,6 @@ logging_send_syslog_msg(sendmail_t) miscfiles_read_certs(sendmail_t) miscfiles_read_localization(sendmail_t) -sysnet_dns_name_resolve(sendmail_t) -sysnet_read_config(sendmail_t) - userdom_dontaudit_use_unpriv_user_fds(sendmail_t) userdom_dontaudit_search_sysadm_home_dirs(sendmail_t) @@ -113,14 +111,6 @@ optional_policy(` ') optional_policy(` - nis_use_ypbind(sendmail_t) -') - -optional_policy(` - nscd_socket_use(sendmail_t) -') - -optional_policy(` postfix_exec_master(sendmail_t) postfix_read_config(sendmail_t) postfix_search_spool(sendmail_t) diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index 919dd78..c52e26a 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -101,7 +101,6 @@ allow xdm_t self:fifo_file rw_fifo_file_perms; allow xdm_t self:shm create_shm_perms; allow xdm_t self:sem create_sem_perms; allow xdm_t self:unix_stream_socket { connectto create_stream_socket_perms }; -allow xdm_t self:netlink_route_socket r_netlink_socket_perms; allow xdm_t self:unix_dgram_socket create_socket_perms; allow xdm_t self:tcp_socket create_stream_socket_perms; allow xdm_t self:udp_socket create_socket_perms; 
@@ -336,10 +335,6 @@ optional_policy(` ') optional_policy(` - nscd_socket_use(xdm_t) -') - -optional_policy(` seutil_sigchld_newrole(xdm_t) ') diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te index c9b2cc6..1d1c2ed 100644 --- a/policy/modules/system/authlogin.te +++ b/policy/modules/system/authlogin.te @@ -126,14 +126,6 @@ optional_policy(` locallogin_use_fds(pam_t) ') -optional_policy(` - nis_use_ypbind(pam_t) -') - -optional_policy(` - nscd_socket_use(pam_t) -') - ######################################## # # PAM console local policy diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te index 7cb9ab8..86d0ad7 100644 --- a/policy/modules/system/mount.te +++ b/policy/modules/system/mount.te @@ -184,10 +184,6 @@ optional_policy(` samba_domtrans_smbmount(mount_t) ') -optional_policy(` - nscd_socket_use(mount_t) -') - ######################################## # # Unconfined mount local policy