rpms/selinux-policy/F-9 policy-20071130.patch, 1.150, 1.151 selinux-policy.spec, 1.670, 1.671
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue May 20 21:21:48 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8792
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Tue May 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-55
- More fixes for spamassassin
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.150
retrieving revision 1.151
diff -u -r1.150 -r1.151
--- policy-20071130.patch 20 May 2008 19:30:01 -0000 1.150
+++ policy-20071130.patch 20 May 2008 21:20:59 -0000 1.151
@@ -23099,8 +23099,8 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.3.1/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.if 2008-05-08 11:06:32.000000000 -0400
-@@ -149,3 +149,85 @@
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.if 2008-05-20 16:49:39.433100000 -0400
+@@ -149,3 +149,104 @@
logging_log_filetrans($1,sendmail_log_t,file)
')
@@ -23186,6 +23186,25 @@
+ role $2 types unconfined_sendmail_t;
+ allow unconfined_sendmail_t $3:chr_file rw_file_perms;
+')
++
++########################################
++## <summary>
++## Allow attempts to read and write to
++## sendmail unnamed pipes.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`sendmail_rw_pipes',`
++ gen_require(`
++ type sendmail_t;
++ ')
++
++ allow $1 sendmail_t:fifo_file rw_fifo_file_perms;
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.3.1/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2008-02-26 08:23:10.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/sendmail.te 2008-05-08 11:06:32.000000000 -0400
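Review bot: The doc header added for `sendmail_rw_pipes` does not match its body: the summary says "Allow attempts to read and write" and the parameter text says "Domain to not audit", but the rule is `allow $1 sendmail_t:fifo_file rw_fifo_file_perms;`, a real grant rather than a dontaudit. The wording looks carried over from a dontaudit interface. A policy author who picks interfaces by their summaries could call this one expecting only to silence denials, and would grant pipe access instead. I would change the summary to `## Read and write sendmail unnamed pipes.` and the parameter text to `## Domain allowed access.` The three lines that follow the interface are context from the sendmail.te section of the inner patch.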
@@ -23912,7 +23931,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.3.1/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.fc 2008-05-08 11:06:32.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.fc 2008-05-20 16:49:22.009675000 -0400
@@ -1,4 +1,4 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:user_spamassassin_home_t,s0)
@@ -23930,7 +23949,8 @@
+/var/log/spamd\.log -- gen_context(system_u:object_r:spamd_log_t,s0)
+
/var/run/spamassassin(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
- /var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
+-/var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
++/var/run/spamass-milter.* gen_context(system_u:object_r:spamd_var_run_t,s0)
+/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
/var/spool/spamassassin(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
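Review bot: The new pattern `/var/run/spamass-milter.*` on the `++` line is wider than the `(/.*)?` form it replaces. It matches every path under /var/run whose name merely begins with `spamass-milter`, and each match gets the `spamd_var_run_t` label. Presumably the aim is to cover sibling files such as a pid or socket file next to the directory; if so, `/var/run/spamass-milter(\..*|/.*)?` or explicit entries for those files would keep the label off unrelated names. A comment naming the files the wider pattern is meant to catch would also help later readers judge whether it can be narrowed.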
@@ -24508,7 +24528,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.3.1/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te 2008-05-20 15:17:39.975695000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te 2008-05-20 17:09:45.819685000 -0400
@@ -21,8 +21,10 @@
gen_tunable(spamd_enable_home_dirs,true)
@@ -24638,7 +24658,7 @@
')
optional_policy(`
-@@ -212,3 +260,206 @@
+@@ -212,3 +260,214 @@
optional_policy(`
udev_read_db(spamd_t)
')
@@ -24673,9 +24693,13 @@
+files_tmp_filetrans(spamassassin_t, user_spamassassin_tmp_t, { file dir })
+
+kernel_read_kernel_sysctls(spamassassin_t)
++kernel_read_system_state(spamassassin_t)
+
+dev_read_urand(spamassassin_t)
+
++files_list_var_lib(spamassassin_t)
++read_files_pattern(spamassassin_t,spamd_var_lib_t,spamd_var_lib_t)
++
+fs_search_auto_mountpoints(spamassassin_t)
+
+# this should probably be removed
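Review bot: The rules added here (`kernel_read_system_state`, `files_list_var_lib`, `read_files_pattern(spamassassin_t,spamd_var_lib_t,spamd_var_lib_t)`) widen `spamassassin_t` with no comment on which denial each one answers, and the log message says only "More fixes for spamassassin". Read access to system state is a broad grant for a mail-filter client. If the access is incidental probing rather than something the program needs, `kernel_dontaudit_read_system_state(spamassassin_t)` would quiet the AVC without granting it; that is an assumption to check against the actual denial. The same applies to `auth_use_nsswitch(spamassassin_t)` and `userdom_list_user_files(user, spamassassin_t)` in the next two hunks. A one-line comment per group, for example `# spamassassin reads rule files labeled spamd_var_lib_t`, would let a later audit tell required access from leftovers.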
@@ -24693,6 +24717,8 @@
+files_read_usr_files(spamassassin_t)
+files_dontaudit_search_var(spamassassin_t)
+
++auth_use_nsswitch(spamassassin_t)
++
+libs_use_ld_so(spamassassin_t)
+libs_use_shared_libs(spamassassin_t)
+
@@ -24707,6 +24733,7 @@
+
+userdom_use_unpriv_users_fds(spamassassin_t)
+userdom_search_user_home_dirs(user,spamassassin_t)
++userdom_list_user_files(user, spamassassin_t)
+# cjp: this really should just be the
+# terminal specific to the role
+userdom_use_unpriv_users_ptys(spamassassin_t)
@@ -24755,6 +24782,7 @@
+optional_policy(`
+ mta_read_config(spamassassin_t)
+ sendmail_stub(spamassassin_t)
++ sendmail_rw_pipes(spamassassin_t)
+')
+
+##############################
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.670
retrieving revision 1.671
diff -u -r1.670 -r1.671
--- selinux-policy.spec 20 May 2008 19:13:41 -0000 1.670
+++ selinux-policy.spec 20 May 2008 21:20:59 -0000 1.671
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 54%{?dist}
+Release: 55%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -385,6 +385,9 @@
%endif
%changelog
+* Tue May 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-55
+- More fixes for spamassassin
+
* Tue May 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-54
- Allow spamassassin_t to be run by system_r