diff --git a/.cvsignore b/.cvsignore index 06084cd..ebd9d0e 100644 --- a/.cvsignore +++ b/.cvsignore @@ -132,3 +132,4 @@ serefpolicy-3.1.2.tgz serefpolicy-3.2.1.tgz serefpolicy-3.2.2.tgz serefpolicy-3.2.3.tgz +serefpolicy-3.2.4.tgz diff --git a/policy-20071130.patch b/policy-20071130.patch index 938366b..e6ca8ed 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -5055,7 +5055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron +/var/lib/misc(/.*)? gen_context(system_u:object_r:system_crond_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.2.4/policy/modules/services/cron.if --- nsaserefpolicy/policy/modules/services/cron.if 2007-10-12 08:56:07.000000000 -0400 -+++ serefpolicy-3.2.4/policy/modules/services/cron.if 2007-12-13 13:34:36.000000000 -0500 ++++ serefpolicy-3.2.4/policy/modules/services/cron.if 2007-12-13 14:22:04.000000000 -0500 @@ -35,38 +35,23 @@ # template(`cron_per_role_template',` @@ -5923,9 +5923,37 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus + +') + +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.2.4/policy/modules/services/dcc.if +--- nsaserefpolicy/policy/modules/services/dcc.if 2007-03-26 10:39:05.000000000 -0400 ++++ serefpolicy-3.2.4/policy/modules/services/dcc.if 2007-12-13 15:58:07.000000000 -0500 +@@ -72,6 +72,24 @@ + + ######################################## + ## <summary> ++## Send a signal to the dcc_client. ++## </summary> ++## <param name="domain"> ++## <summary> ++## Domain allowed access. ++## </summary> ++## </param> ++# ++interface(`dcc_signal_client',` ++ gen_require(` ++ type dcc_client_t; ++ ') ++ ++ allow $1 dcc_client_t:process signal; ++') ++ ++######################################## ++## <summary> + ## Execute dcc_client in the dcc_client domain, and + ## allow the specified role the dcc_client domain. + ## </summary> diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.2.4/policy/modules/services/dcc.te --- nsaserefpolicy/policy/modules/services/dcc.te 2007-10-12 08:56:07.000000000 -0400 -+++ serefpolicy-3.2.4/policy/modules/services/dcc.te 2007-12-13 13:34:36.000000000 -0500 ++++ serefpolicy-3.2.4/policy/modules/services/dcc.te 2007-12-13 15:52:57.000000000 -0500 @@ -124,7 +124,7 @@ # dcc procmail interface local policy # @@ -5935,6 +5963,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc. allow dcc_client_t self:unix_dgram_socket create_socket_perms; allow dcc_client_t self:udp_socket create_socket_perms; +@@ -148,6 +148,8 @@ + files_read_etc_files(dcc_client_t) + files_read_etc_runtime_files(dcc_client_t) + ++kernel_read_system_state(dcc_client_t) ++ + libs_use_ld_so(dcc_client_t) + libs_use_shared_libs(dcc_client_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.2.4/policy/modules/services/dictd.fc --- nsaserefpolicy/policy/modules/services/dictd.fc 2006-11-16 17:15:20.000000000 -0500 +++ serefpolicy-3.2.4/policy/modules/services/dictd.fc 2007-12-13 13:34:36.000000000 -0500 @@ -6054,7 +6091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.2.4/policy/modules/services/dovecot.te --- nsaserefpolicy/policy/modules/services/dovecot.te 2007-12-04 11:02:50.000000000 -0500 -+++ serefpolicy-3.2.4/policy/modules/services/dovecot.te 2007-12-13 13:34:36.000000000 -0500 ++++ serefpolicy-3.2.4/policy/modules/services/dovecot.te 2007-12-13 15:31:36.000000000 -0500 @@ -15,6 +15,12 @@ domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t) role system_r types dovecot_auth_t; @@ -9815,7 +9852,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.2.4/policy/modules/services/spamassassin.te --- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-10-12 08:56:07.000000000 -0400 -+++ serefpolicy-3.2.4/policy/modules/services/spamassassin.te 2007-12-13 13:34:37.000000000 -0500 ++++ serefpolicy-3.2.4/policy/modules/services/spamassassin.te 2007-12-13 15:58:16.000000000 -0500 @@ -44,6 +44,15 @@ type spamassassin_exec_t; application_executable_file(spamassassin_exec_t) @@ -9858,6 +9895,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam fs_manage_cifs_files(spamd_t) ') +@@ -171,6 +183,7 @@ + + optional_policy(` + dcc_domtrans_client(spamd_t) ++ dcc_signal_client(spamd_t) + dcc_stream_connect_dccifd(spamd_t) + ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.2.4/policy/modules/services/squid.fc --- nsaserefpolicy/policy/modules/services/squid.fc 2006-11-16 17:15:21.000000000 -0500 +++ serefpolicy-3.2.4/policy/modules/services/squid.fc 2007-12-13 13:34:37.000000000 -0500 @@ -11789,7 +11834,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.2.4/policy/modules/system/init.te --- nsaserefpolicy/policy/modules/system/init.te 2007-12-04 11:02:50.000000000 -0500 -+++ serefpolicy-3.2.4/policy/modules/system/init.te 2007-12-13 13:34:37.000000000 -0500 ++++ serefpolicy-3.2.4/policy/modules/system/init.te 2007-12-13 14:23:31.000000000 -0500 @@ -10,6 +10,20 @@ # Declarations # @@ -11943,7 +11988,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t ') optional_policy(` -@@ -743,6 +779,10 @@ +@@ -729,6 +765,11 @@ + uml_setattr_util_sockets(initrc_t) + ') + ++# Cron jobs used to start and stop services ++optional_policy(` ++ cron_read_pipes(daemon) ++') ++ + optional_policy(` + unconfined_domain(initrc_t) + +@@ -743,6 +784,10 @@ ') optional_policy(` diff --git a/sources b/sources index f3c183f..db8a81e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -37b636c3ce51c9c50ebe45aa01b6bb9b serefpolicy-3.2.3.tgz +cef1db667a75f7bcc53d3541c01a4a2d serefpolicy-3.2.4.tgz