diff --git a/Changelog b/Changelog index 6f9a3fb..4145ecd 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,4 @@ +- Confine sendmail and logrotate on targeted. - Tunable connection to postgresql for users from KaiGai Kohei. - Memprotect support patch from Stephen Smalley. - Add logging_send_audit_msgs() interface and deprecate diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te index 6fb2b1a..8fa5c81 100644 --- a/policy/modules/admin/logrotate.te +++ b/policy/modules/admin/logrotate.te @@ -1,5 +1,5 @@ -policy_module(logrotate,1.4.0) +policy_module(logrotate,1.4.1) ######################################## # @@ -130,10 +130,6 @@ ifdef(`distro_debian', ` can_exec(logrotate_t, logrotate_exec_t) ') -ifdef(`targeted_policy',` - unconfined_domain(logrotate_t) -') - optional_policy(` acct_domtrans(logrotate_t) acct_manage_data(logrotate_t) diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te index 67257c9..13bcb92 100644 --- a/policy/modules/services/sendmail.te +++ b/policy/modules/services/sendmail.te @@ -1,5 +1,5 @@ -policy_module(sendmail,1.4.1) +policy_module(sendmail,1.4.2) ######################################## # @@ -107,7 +107,6 @@ mta_manage_queue(sendmail_t) mta_manage_spool(sendmail_t) ifdef(`targeted_policy',` - unconfined_domain(sendmail_t) term_dontaudit_use_unallocated_ttys(sendmail_t) term_dontaudit_use_generic_ptys(sendmail_t) files_dontaudit_read_root_files(sendmail_t)