diff --git a/Changelog b/Changelog index 4145ecd..06da490 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,4 @@ +- Drop snmpd_etc_t. - Confine sendmail and logrotate on targeted. - Tunable connection to postgresql for users from KaiGai Kohei. - Memprotect support patch from Stephen Smalley. diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te index 55a5908..0339a5d 100644 --- a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te @@ -1,5 +1,5 @@ -policy_module(files,1.5.0) +policy_module(files,1.5.1) ######################################## # @@ -54,6 +54,7 @@ type etc_t; files_type(etc_t) # compatibility aliases for removed types: typealias etc_t alias automount_etc_t; +typealias etc_t alias snmpd_etc_t; # # etc_runtime_t is the type of various diff --git a/policy/modules/services/snmp.fc b/policy/modules/services/snmp.fc index 5ebade8..fbe30aa 100644 --- a/policy/modules/services/snmp.fc +++ b/policy/modules/services/snmp.fc @@ -1,10 +1,3 @@ - -# -# /etc -# - -/etc/snmp/snmp(trap)?d\.conf -- gen_context(system_u:object_r:snmpd_etc_t,s0) - # # /usr # diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te index 40ebbd7..f515d71 100644 --- a/policy/modules/services/snmp.te +++ b/policy/modules/services/snmp.te @@ -1,5 +1,5 @@ -policy_module(snmp,1.4.2) +policy_module(snmp,1.4.3) ######################################## # @@ -9,9 +9,6 @@ type snmpd_t; type snmpd_exec_t; init_daemon_domain(snmpd_t,snmpd_exec_t) -type snmpd_etc_t; -files_config_file(snmpd_etc_t) - type snmpd_log_t; logging_log_file(snmpd_log_t) @@ -33,8 +30,6 @@ allow snmpd_t self:unix_stream_socket create_stream_socket_perms; allow snmpd_t self:tcp_socket create_stream_socket_perms; allow snmpd_t self:udp_socket connected_stream_socket_perms; -allow snmpd_t snmpd_etc_t:file { getattr read }; - allow snmpd_t snmpd_log_t:file manage_file_perms; logging_log_filetrans(snmpd_t,snmpd_log_t,file)