rpms/selinux-policy/F-9 policy-20071130.patch, 1.150, 1.151 selinux-policy.spec, 1.670, 1.671

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue May 20 21:21:48 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8792

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Tue May 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-55
- More fixes for spamassassin


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.150
retrieving revision 1.151
diff -u -r1.150 -r1.151
--- policy-20071130.patch	20 May 2008 19:30:01 -0000	1.150
+++ policy-20071130.patch	20 May 2008 21:20:59 -0000	1.151
@@ -23099,8 +23099,8 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.3.1/policy/modules/services/sendmail.if
 --- nsaserefpolicy/policy/modules/services/sendmail.if	2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.if	2008-05-08 11:06:32.000000000 -0400
-@@ -149,3 +149,85 @@
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.if	2008-05-20 16:49:39.433100000 -0400
+@@ -149,3 +149,104 @@
  
  	logging_log_filetrans($1,sendmail_log_t,file)
  ')
@@ -23186,6 +23186,25 @@
 +	role $2 types unconfined_sendmail_t;
 +	allow unconfined_sendmail_t $3:chr_file rw_file_perms;
 +')
++
++########################################
++## <summary>
++##	Allow attempts to read and write to
++##	sendmail unnamed pipes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`sendmail_rw_pipes',`
++	gen_require(`
++		type sendmail_t;
++	')
++
++	allow $1 sendmail_t:fifo_file rw_fifo_file_perms; 
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.3.1/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2008-02-26 08:23:10.000000000 -0500
 +++ serefpolicy-3.3.1/policy/modules/services/sendmail.te	2008-05-08 11:06:32.000000000 -0400
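Review bot: The documentation block of the new `sendmail_rw_pipes` interface does not match its rule. The summary reads "Allow attempts to read and write" and the parameter is described as "Domain to not audit.", which is the wording of a dontaudit interface, while the body is an `allow` that grants `rw_fifo_file_perms` on `sendmail_t:fifo_file`. A policy author who reads only the doc block could take the call for audit suppression when it actually grants access. I would change the summary to `##	Read and write sendmail unnamed pipes.` and the parameter text to `##	Domain allowed access.`; the `allow` line also ends in a trailing space.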
@@ -23912,7 +23931,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.3.1/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc	2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.fc	2008-05-08 11:06:32.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.fc	2008-05-20 16:49:22.009675000 -0400
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
 +HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:user_spamassassin_home_t,s0)
@@ -23930,7 +23949,8 @@
 +/var/log/spamd\.log	--	gen_context(system_u:object_r:spamd_log_t,s0)
 +
  /var/run/spamassassin(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
- /var/run/spamass-milter(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
+-/var/run/spamass-milter(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
++/var/run/spamass-milter.*	gen_context(system_u:object_r:spamd_var_run_t,s0)
 +/var/spool/milter-regex(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
  
  /var/spool/spamassassin(/.*)?	gen_context(system_u:object_r:spamd_spool_t,s0)
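Review bot: The new file-context pattern `/var/run/spamass-milter.*` is wider than the `/var/run/spamass-milter(/.*)?` it replaces. It is no longer anchored at a path separator, so any entry in /var/run whose name merely begins with `spamass-milter`, and everything beneath it, is labelled `spamd_var_run_t`. If the aim is to cover a pid or socket file that sits beside the directory (inferred; the log message does not say), keeping the directory entry and adding one entry for that file, with its exact name and a `--` or `-s` file-type specifier, would label it without widening the match. The rest of spamassassin.fc lies outside this hunk.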
@@ -24508,7 +24528,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.3.1/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te	2008-05-20 15:17:39.975695000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te	2008-05-20 17:09:45.819685000 -0400
 @@ -21,8 +21,10 @@
  gen_tunable(spamd_enable_home_dirs,true)
  
@@ -24638,7 +24658,7 @@
  ')
  
  optional_policy(`
-@@ -212,3 +260,206 @@
+@@ -212,3 +260,214 @@
  optional_policy(`
  	udev_read_db(spamd_t)
  ')
@@ -24673,9 +24693,13 @@
 +files_tmp_filetrans(spamassassin_t, user_spamassassin_tmp_t, { file dir })
 +
 +kernel_read_kernel_sysctls(spamassassin_t)
++kernel_read_system_state(spamassassin_t)
 +
 +dev_read_urand(spamassassin_t)
 +
++files_list_var_lib(spamassassin_t)
++read_files_pattern(spamassassin_t,spamd_var_lib_t,spamd_var_lib_t)
++
 +fs_search_auto_mountpoints(spamassassin_t)
 +
 +# this should probably be removed
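Review bot: The rules added to `spamassassin_t` carry no comment saying which denial each one answers, and the log message only says "More fixes for spamassassin". This applies to `kernel_read_system_state`, `files_list_var_lib` and `read_files_pattern(spamassassin_t,spamd_var_lib_t,spamd_var_lib_t)` in this hunk, to `auth_use_nsswitch(spamassassin_t)` in the hunk at `@@ -24693,6 +24717,8 @@`, and to `userdom_list_user_files(user, spamassassin_t)` in the hunk at `@@ -24707,6 +24733,7 @@`. Neighbouring lines already use why-comments (`# this should probably be removed`, `# cjp: this really should just be the`), so a one-line comment above each addition would fit the file, for example `# client reads files labelled spamd_var_lib_t` above the `read_files_pattern` line. `auth_use_nsswitch` and `userdom_list_user_files` look like the widest grants and most need a stated reason, so that a later least-privilege review can tell whether they are still required. The spamassassin.te section continues outside these hunks.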
@@ -24693,6 +24717,8 @@
 +files_read_usr_files(spamassassin_t)
 +files_dontaudit_search_var(spamassassin_t)
 +
++auth_use_nsswitch(spamassassin_t)
++
 +libs_use_ld_so(spamassassin_t)
 +libs_use_shared_libs(spamassassin_t)
 +
@@ -24707,6 +24733,7 @@
 +
 +userdom_use_unpriv_users_fds(spamassassin_t)
 +userdom_search_user_home_dirs(user,spamassassin_t)
++userdom_list_user_files(user, spamassassin_t)
 +# cjp: this really should just be the
 +# terminal specific to the role
 +userdom_use_unpriv_users_ptys(spamassassin_t)
@@ -24755,6 +24782,7 @@
 +optional_policy(`
 +	mta_read_config(spamassassin_t)
 +	sendmail_stub(spamassassin_t)
++	sendmail_rw_pipes(spamassassin_t)
 +')
 +
 +##############################


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.670
retrieving revision 1.671
diff -u -r1.670 -r1.671
--- selinux-policy.spec	20 May 2008 19:13:41 -0000	1.670
+++ selinux-policy.spec	20 May 2008 21:20:59 -0000	1.671
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 54%{?dist}
+Release: 55%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -385,6 +385,9 @@
 %endif
 
 %changelog
+* Tue May 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-55
+- More fixes for spamassassin
+
 * Tue May 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-54
 - Allow spamassassin_t to be run by system_r
 



