diff --git a/Changelog b/Changelog
index acaf378..b1f7917 100644
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,5 @@
-- Cracklib update on Deban from Vaclav Ovsik.
+- Backup update on Debian from Vaclav Ovsik.
+- Cracklib update on Debian from Vaclav Ovsik.
 - Label /proc/kallsyms with system_map_t.
 - 64-bit capabilities from Stephen Smalley.
 - Labeled networking peer object class updates.
diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc
index b4671ae..223b7f2 100644
--- a/policy/modules/admin/backup.fc
+++ b/policy/modules/admin/backup.fc
@@ -4,4 +4,10 @@
 # backup_store_t, Debian uses /var/backups
 #/usr/local/bin/backup-script -- gen_context(system_u:object_r:backup_exec_t,s0)
+
+ifdef(`distro_debian',`
+/etc/cron.daily/aptitude -- gen_context(system_u:object_r:backup_exec_t,s0)
+/etc/cron.daily/standard -- gen_context(system_u:object_r:backup_exec_t,s0)
+')
+
 /var/backups(/.*)? gen_context(system_u:object_r:backup_store_t,s0)
diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
index b72d4d6..64c2be4 100644
--- a/policy/modules/admin/backup.te
+++ b/policy/modules/admin/backup.te
@@ -1,5 +1,5 @@
-policy_module(backup,1.2.0)
+policy_module(backup,1.2.1)
 ########################################
 #
@@ -27,7 +27,7 @@ allow backup_t self:tcp_socket create_socket_perms;
 allow backup_t self:udp_socket create_socket_perms;
 allow backup_t backup_store_t:file setattr;
-create_files_pattern(backup_t,backup_store_t,backup_store_t)
+manage_files_pattern(backup_t,backup_store_t,backup_store_t)
 rw_files_pattern(backup_t,backup_store_t,backup_store_t)
 read_lnk_files_pattern(backup_t,backup_store_t,backup_store_t)
@@ -35,6 +35,7 @@ kernel_read_system_state(backup_t)
 kernel_read_kernel_sysctls(backup_t)
 corecmd_exec_bin(backup_t)
+corecmd_exec_shell(backup_t)
 corenet_all_recvfrom_unlabeled(backup_t)
 corenet_all_recvfrom_netlabel(backup_t)
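Review bot: The two path specs added to backup.fc inside the `distro_debian` block leave the dot in `cron.daily` unescaped, and file-context specs are regular expressions, so that dot matches any character; the logrotate.fc context line `/var/lib/logrotate\.status` in this same commit escapes it. Writing them as `/etc/cron\.daily/aptitude` and `/etc/cron\.daily/standard` keeps the `backup_exec_t` label on exactly those two files. A one-line comment above the block saying what these scripts back up would also explain why they get an entry-point label, which presumably moves them into `backup_t` when cron runs them.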
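Review bot: The switch to `manage_files_pattern` in the backup.te hunk at old line 27 leaves the neighbouring `allow backup_t backup_store_t:file setattr;` and `rw_files_pattern(backup_t,backup_store_t,backup_store_t)` lines in place, and both look redundant once the manage pattern is granted (assuming it expands to the usual manage permission set). Dropping them would make it plain that `backup_t` now has full control of the store, including deleting and renaming existing backups. That is a real widening for a domain that also holds TCP and UDP socket permissions, so a comment such as `# needs to rotate and prune old backups in the store` would record why it is required. The rule block this belongs to starts and ends outside the hunk.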
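Review bot: `corecmd_exec_shell(backup_t)` in the backup.te hunk at old line 35 is granted on every distribution, while the scripts that presumably need it (the cron.daily entries labelled in backup.fc) are only declared under `distro_debian`. Wrapping the call in the same `distro_debian` ifdef would keep the grant scoped to where it is used. If it is meant to be general, a comment like `# backup scripts are shell scripts and run sh in this domain` would let a later reader judge whether shell execution in `backup_t` is still needed.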
diff --git a/policy/modules/admin/logrotate.fc b/policy/modules/admin/logrotate.fc
index e058a17..36c8de7 100644
--- a/policy/modules/admin/logrotate.fc
+++ b/policy/modules/admin/logrotate.fc
@@ -3,7 +3,6 @@
 /usr/sbin/logrotate -- gen_context(system_u:object_r:logrotate_exec_t,s0)
 ifdef(`distro_debian', `
-/usr/bin/savelog -- gen_context(system_u:object_r:logrotate_exec_t,s0)
 /var/lib/logrotate(/.*)? gen_context(system_u:object_r:logrotate_var_lib_t,s0)
 ', `
 /var/lib/logrotate\.status -- gen_context(system_u:object_r:logrotate_var_lib_t,s0)
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index e2742d2..5b11e37 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -1,5 +1,5 @@
-policy_module(logrotate,1.7.0)
+policy_module(logrotate,1.7.1)
 ########################################
 #