diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 9a5802c..66bd9d5 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,4 @@
+- Miscellaneous fixes from Dan Walsh.
 - Change initrc_var_run_t interface noun from script_pid to utmp, for greater clarity.
 - Added modules:
diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if
index 4f6c9f4..b269b63 100644
--- a/refpolicy/policy/modules/kernel/files.if
+++ b/refpolicy/policy/modules/kernel/files.if
@@ -2135,10 +2135,9 @@ interface(`files_dontaudit_getattr_tmp_dir',`
 interface(`files_search_tmp',`
 gen_require(`
 type tmp_t;
- class dir search;
 ')
- allow $1 tmp_t:dir search;
+ allow $1 tmp_t:dir search_dir_perms;
 ')
 ########################################
diff --git a/refpolicy/policy/modules/services/fetchmail.te b/refpolicy/policy/modules/services/fetchmail.te
index 44a8381..d1f3a03 100644
--- a/refpolicy/policy/modules/services/fetchmail.te
+++ b/refpolicy/policy/modules/services/fetchmail.te
@@ -1,5 +1,5 @@
-policy_module(fetchmail,1.0.0)
+policy_module(fetchmail,1.0.1)
 ########################################
 #
@@ -29,6 +29,7 @@ allow fetchmail_t self:unix_dgram_socket create_socket_perms;
 allow fetchmail_t self:unix_stream_socket create_stream_socket_perms;
 allow fetchmail_t self:tcp_socket create_socket_perms;
 allow fetchmail_t self:udp_socket create_socket_perms;
+allow fetchmail_t self:netlink_route_socket r_netlink_socket_perms;
 allow fetchmail_t fetchmail_etc_t:file r_file_perms;
@@ -41,6 +42,7 @@ files_filetrans_pid(fetchmail_t,fetchmail_var_run_t)
 kernel_read_kernel_sysctl(fetchmail_t)
 kernel_list_proc(fetchmail_t)
+kernel_getattr_proc_files(fetchmail_t)
 kernel_read_proc_symlinks(fetchmail_t)
 corenet_non_ipsec_sendrecv(fetchmail_t)
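Review bot: In `files_search_tmp`, the new `allow $1 tmp_t:dir search_dir_perms;` changes what every caller of this kernel-layer interface is granted, and the hunk does not update the interface's description to match. `search_dir_perms` is defined outside this diff and presumably expands to more than the bare `search` it replaces, so any widening reaches each domain that calls the interface at once. The documentation block above the interface lies outside the hunk; I would add a line there such as `# callers receive search_dir_perms on tmp_t:dir` and confirm the macro's expansion before merging.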
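Review bot: `allow fetchmail_t self:netlink_route_socket r_netlink_socket_perms;` in the @@ -29 hunk of fetchmail.te is added without a comment saying what fetchmail does that needs it, and the changelog entry only says "Miscellaneous fixes". The same gap applies to `kernel_getattr_proc_files(fetchmail_t)` in the @@ -41 hunk and to `miscfiles_read_certs(fetchmail_t)` in the @@ -78 hunk. A later least-privilege audit cannot tell a required grant from a leftover unless each one is tied to an observed denial. I would put a one-line comment above each rule, for example `# reads the routing table over netlink` here, worded from the actual AVC record.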
@@ -59,8 +61,11 @@ corenet_udp_bind_all_nodes(fetchmail_t)
 corenet_tcp_connect_all_ports(fetchmail_t)
 dev_read_sysfs(fetchmail_t)
+dev_read_rand(fetchmail_t)
+dev_read_urand(fetchmail_t)
 files_read_etc_files(fetchmail_t)
+files_read_etc_runtime_files(fetchmail_t)
 fs_getattr_all_fs(fetchmail_t)
 fs_search_auto_mountpoints(fetchmail_t)
@@ -78,6 +83,7 @@ libs_use_shared_libs(fetchmail_t)
 logging_send_syslog_msg(fetchmail_t)
 miscfiles_read_localization(fetchmail_t)
+miscfiles_read_certs(fetchmail_t)
 sysnet_read_config(fetchmail_t)
diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te
index fc9c179..07a9fb2 100644
--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@@ -1,5 +1,5 @@
-policy_module(hal,1.2.0)
+policy_module(hal,1.2.1)
 ########################################
 #
@@ -139,6 +139,7 @@ ifdef(`targeted_policy', `
 term_dontaudit_use_unallocated_tty(hald_t)
 term_dontaudit_use_generic_pty(hald_t)
 files_dontaudit_read_root_file(hald_t)
+ files_dontaudit_getattr_home_dir(hald_t)
 ')
 optional_policy(`apm',`
diff --git a/refpolicy/policy/modules/services/procmail.te b/refpolicy/policy/modules/services/procmail.te
index 2992ca7..4cf2fb9 100644
--- a/refpolicy/policy/modules/services/procmail.te
+++ b/refpolicy/policy/modules/services/procmail.te
@@ -1,5 +1,5 @@
-policy_module(procmail,1.1.0)
+policy_module(procmail,1.1.1)
 ########################################
 #
@@ -99,6 +99,7 @@ optional_policy(`sendmail',`
 optional_policy(`spamassassin',`
 corenet_udp_bind_generic_port(procmail_t)
+ corenet_tcp_connect_spamd_port(procmail_t)
 files_getattr_tmp_dir(procmail_t)
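Review bot: In the @@ -59 hunk of fetchmail.te, `dev_read_rand(fetchmail_t)` is added next to `dev_read_urand(fetchmail_t)`, and nothing says why the domain needs both random devices. Presumably this is for SSL support, given `miscfiles_read_certs(fetchmail_t)` in the @@ -78 hunk; if the library only reads the non-blocking device, the `dev_read_rand` line can be dropped. `files_read_etc_runtime_files(fetchmail_t)` also extends read access beyond `files_read_etc_files`, so it is worth confirming against an actual denial. If both device grants are required, a comment such as `# SSL support: entropy sources` above the two dev_ lines would record the intent.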