diff --git a/policy-20080710.patch b/policy-20080710.patch index 07c9e40..dc18e51 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -20593,7 +20593,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.5/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.5/policy/modules/services/postfix.te 2008-08-26 13:30:44.000000000 -0400 ++++ serefpolicy-3.5.5/policy/modules/services/postfix.te 2008-08-29 15:43:57.000000000 -0400 @@ -6,6 +6,14 @@ # Declarations # @@ -20681,7 +20681,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # allow access to deferred queue and allow removing bogus incoming entries manage_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t) manage_files_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t) -@@ -181,12 +195,17 @@ +@@ -142,6 +156,7 @@ + + delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t) + rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t) ++setattr_dirs_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t) + + kernel_read_all_sysctls(postfix_master_t) + +@@ -181,12 +196,17 @@ mta_rw_aliases(postfix_master_t) mta_read_sendmail_bin(postfix_master_t) @@ -20699,7 +20707,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # for postalias mailman_manage_data_files(postfix_master_t) ') -@@ -255,6 +274,10 @@ +@@ -255,6 +275,10 @@ corecmd_exec_bin(postfix_cleanup_t) @@ -20710,7 +20718,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Postfix local local policy -@@ -280,18 +303,25 @@ +@@ -280,18 +304,25 @@ files_read_etc_files(postfix_local_t) @@ -20736,7 +20744,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -302,8 +332,7 @@ +@@ -302,8 +333,7 @@ # # Postfix map local policy # @@ -20746,7 +20754,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow postfix_map_t self:unix_stream_socket create_stream_socket_perms; allow postfix_map_t self:unix_dgram_socket create_socket_perms; allow postfix_map_t self:tcp_socket create_stream_socket_perms; -@@ -353,8 +382,6 @@ +@@ -353,8 +383,6 @@ miscfiles_read_localization(postfix_map_t) @@ -20755,7 +20763,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`read_default_t',` files_list_default(postfix_map_t) files_read_default_files(postfix_map_t) -@@ -367,6 +394,11 @@ +@@ -367,6 +395,11 @@ locallogin_dontaudit_use_fds(postfix_map_t) ') @@ -20767,7 +20775,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Postfix pickup local policy -@@ -391,6 +423,7 @@ +@@ -391,6 +424,7 @@ # allow postfix_pipe_t self:fifo_file rw_fifo_file_perms; @@ -20775,7 +20783,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t) -@@ -398,6 +431,12 @@ +@@ -398,6 +432,12 @@ rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t) @@ -20788,7 +20796,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` procmail_domtrans(postfix_pipe_t) ') -@@ -407,6 +446,14 @@ +@@ -407,6 +447,14 @@ ') optional_policy(` @@ -20803,7 +20811,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol uucp_domtrans_uux(postfix_pipe_t) ') -@@ -443,8 +490,7 @@ +@@ -443,8 +491,7 @@ ') optional_policy(` @@ -20813,7 +20821,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ####################################### -@@ -470,6 +516,15 @@ +@@ -470,6 +517,15 @@ init_sigchld_script(postfix_postqueue_t) init_use_script_fds(postfix_postqueue_t) @@ -20829,7 +20837,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Postfix qmgr local policy -@@ -564,6 +619,10 @@ +@@ -564,6 +620,10 @@ sasl_connect(postfix_smtpd_t) ') @@ -20840,7 +20848,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Postfix virtual local policy -@@ -579,7 +638,7 @@ +@@ -579,7 +639,7 @@ files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir }) # connect to master process @@ -29787,6 +29795,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +optional_policy(` + xserver_rw_xdm_home_files(daemon) +') +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.5.5/policy/modules/system/iscsi.te +--- nsaserefpolicy/policy/modules/system/iscsi.te 2008-08-11 11:23:34.000000000 -0400 ++++ serefpolicy-3.5.5/policy/modules/system/iscsi.te 2008-08-29 15:34:11.000000000 -0400 +@@ -28,7 +28,7 @@ + # iscsid local policy + # + +-allow iscsid_t self:capability { dac_override ipc_lock net_admin sys_nice sys_resource }; ++allow iscsid_t self:capability { dac_override ipc_lock net_admin net_raw sys_nice sys_resource }; + allow iscsid_t self:process { setrlimit setsched signal }; + allow iscsid_t self:fifo_file { read write }; + allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto }; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.5/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/system/libraries.fc 2008-08-25 13:04:38.000000000 -0400