SOURCES: policy-apache.patch, policy-postfix.patch - updated for 1.28

qboosh qboosh at pld-linux.org
Thu Dec 22 22:25:48 CET 2005


Author: qboosh                       Date: Thu Dec 22 21:25:47 2005 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- updated for 1.28

---- Files affected:
SOURCES:
   policy-apache.patch (1.5 -> 1.6) , policy-postfix.patch (1.10 -> 1.11) 

---- Diffs:

================================================================
Index: SOURCES/policy-apache.patch
diff -u SOURCES/policy-apache.patch:1.5 SOURCES/policy-apache.patch:1.6
--- SOURCES/policy-apache.patch:1.5	Fri Sep 23 11:26:01 2005
+++ SOURCES/policy-apache.patch	Thu Dec 22 22:25:41 2005
@@ -1,14 +1,14 @@
---- policy-1.26/file_contexts/program/apache.fc.orig	2005-07-18 22:13:38.000000000 +0200
-+++ policy-1.26/file_contexts/program/apache.fc	2005-09-23 10:08:00.196995520 +0200
-@@ -9,6 +9,7 @@
- /var/cache/httpd(/.*)?		system_u:object_r:httpd_cache_t
+--- policy-1.28/file_contexts/program/apache.fc.orig	2005-11-17 08:51:40.000000000 +0100
++++ policy-1.28/file_contexts/program/apache.fc	2005-12-22 22:02:34.334884376 +0100
+@@ -13,6 +13,7 @@
+ /var/cache/rt3(/.*)?	system_u:object_r:httpd_cache_t
  /etc/httpd		-d	system_u:object_r:httpd_config_t
  /etc/httpd/conf.*		system_u:object_r:httpd_config_t
 +/etc/httpd/httpd.conf(/.*)?	system_u:object_r:httpd_config_t
  /etc/httpd/logs			system_u:object_r:httpd_log_t
  /etc/httpd/modules		system_u:object_r:httpd_modules_t
  /etc/apache(2)?(/.*)?		system_u:object_r:httpd_config_t
-@@ -16,7 +17,7 @@
+@@ -20,7 +21,7 @@
  /usr/lib(64)?/apache(/.*)?		system_u:object_r:httpd_modules_t
  /usr/lib(64)?/apache2/modules(/.*)?	system_u:object_r:httpd_modules_t
  /usr/lib(64)?/httpd(/.*)?		system_u:object_r:httpd_modules_t
@@ -17,12 +17,12 @@
  /usr/sbin/apache(2)?	--	system_u:object_r:httpd_exec_t
  /usr/sbin/suexec	--	system_u:object_r:httpd_suexec_exec_t
  /usr/lib(64)?/cgi-bin/(nph-)?cgiwrap(d)? -- system_u:object_r:httpd_suexec_exec_t
-@@ -26,7 +27,7 @@
+@@ -30,7 +31,7 @@
  /var/log/cgiwrap\.log.*	--	system_u:object_r:httpd_log_t
  /var/cache/ssl.*\.sem	--	system_u:object_r:httpd_cache_t
  /var/cache/mod_ssl(/.*)?	system_u:object_r:httpd_cache_t
--/var/run/apache(2)?\.pid.* --	system_u:object_r:httpd_var_run_t
-+/var/run/((apache)|(httpd))(2)?\.pid.* --	system_u:object_r:httpd_var_run_t
+-/var/run/apache.*		system_u:object_r:httpd_var_run_t
++/var/run/(apache|httpd).*	system_u:object_r:httpd_var_run_t
  /var/lib/httpd(/.*)?		system_u:object_r:httpd_var_lib_t
+ /var/lib/dav(/.*)?		system_u:object_r:httpd_var_lib_t
  /var/lib/php/session(/.*)?	system_u:object_r:httpd_var_run_t
- /etc/apache-ssl(2)?(/.*)?	system_u:object_r:httpd_config_t
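Review bot: The new pattern on the `++/var/run/(apache|httpd).*` line has no file-type field and an open-ended `.*` tail, so it gives `httpd_var_run_t` to every object under /var/run whose name merely starts with `apache` or `httpd`, whatever its type and whichever package created it. The breadth is inherited from the upstream `/var/run/apache.*` entry, but the previous revision of this patch only matched regular pid files (`\.pid.* --`), so the rebase widens what the httpd domain can treat as its own runtime data. If only the pid file and the daemon's own runtime directory are intended, a narrower pair such as `/var/run/(apache|httpd)(2)?\.pid.* --` and `/var/run/(apache|httpd)(/.*)?` would keep the label off unrelated names. Check this against what the apache package actually places in /var/run before settling on the expression.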

================================================================
Index: SOURCES/policy-postfix.patch
diff -u SOURCES/policy-postfix.patch:1.10 SOURCES/policy-postfix.patch:1.11
--- SOURCES/policy-postfix.patch:1.10	Fri Sep 23 11:26:01 2005
+++ SOURCES/policy-postfix.patch	Thu Dec 22 22:25:42 2005
@@ -44,15 +44,6 @@
  /var/log/sendmail\.st		--	system_u:object_r:sendmail_log_t
  /var/log/mail(/.*)?			system_u:object_r:sendmail_log_t
  /var/run/sendmail\.pid		--	system_u:object_r:sendmail_var_run_t
---- policy-1.26/domains/program/unused/mta.te.orig	2005-08-10 08:48:42.000000000 +0200
-+++ policy-1.26/domains/program/unused/mta.te	2005-09-23 10:04:23.130994568 +0200
-@@ -72,3 +72,6 @@
- 
- allow system_mail_t etc_runtime_t:file { getattr read };
- allow system_mail_t { random_device_t urandom_device_t }:chr_file { getattr read };
-+
-+# etc_mail_t is the type of /etc/mail.
-+type etc_mail_t, file_type, sysadmfile, usercanread;
 --- policy-1.24/domains/program/unused/pppd.te.orig	2005-05-23 21:20:02.000000000 +0200
 +++ policy-1.24/domains/program/unused/pppd.te	2005-07-02 00:40:23.013074488 +0200
 @@ -44,8 +44,8 @@
@@ -66,8 +57,8 @@
  allow pppd_t postfix_master_exec_t:file { getattr read };
  allow postfix_postqueue_t pppd_t:fd use;
  allow postfix_postqueue_t pppd_t:process sigchld;
---- policy-1.24/domains/program/unused/postfix.te.orig	2005-05-06 21:52:57.000000000 +0200
-+++ policy-1.24/domains/program/unused/postfix.te	2005-07-02 00:41:28.461124872 +0200
+--- policy-1.28/domains/program/unused/postfix.te.orig	2005-11-17 08:51:38.000000000 +0100
++++ policy-1.28/domains/program/unused/postfix.te	2005-12-22 21:59:16.635939184 +0100
 @@ -8,7 +8,6 @@
  # Type for files created during execution of postfix.
  type postfix_var_run_t, file_type, sysadmfile, pidfile;
@@ -101,25 +92,25 @@
  read_locale(postfix_$1_t)
  allow postfix_$1_t etc_t:file { getattr read };
  allow postfix_$1_t self:unix_dgram_socket create_socket_perms;
-@@ -79,7 +79,7 @@
- domain_auto_trans(sysadm_t, postfix_master_exec_t, postfix_master_t)
- allow sysadm_t postfix_master_t:process { noatsecure siginh rlimitinh };
+@@ -88,7 +88,7 @@
+ ifdef(`targeted_policy', `', `
  role_transition sysadm_r postfix_master_exec_t system_r;
+ ')
 -allow postfix_master_t postfix_etc_t:file rw_file_perms;
 +allow postfix_master_t etc_mail_t:file rw_file_perms;
  dontaudit postfix_master_t admin_tty_type:chr_file { read write };
  allow postfix_master_t devpts_t:dir search;
  
-@@ -97,7 +97,7 @@
- dontaudit postfix_master_t selinux_config_t:dir search;
+@@ -113,7 +113,7 @@
  can_exec({ sysadm_mail_t system_mail_t }, postfix_master_exec_t)
  ifdef(`distro_redhat', `
+ # compatability for old default main.cf
 -file_type_auto_trans({ sysadm_mail_t system_mail_t postfix_master_t }, postfix_etc_t, etc_aliases_t)
 +file_type_auto_trans({ sysadm_mail_t system_mail_t postfix_master_t }, etc_mail_t, etc_aliases_t)
- ', `
- file_type_auto_trans({ sysadm_mail_t system_mail_t }, etc_t, etc_aliases_t)
+ # for newer main.cf that uses /etc/aliases
+ file_type_auto_trans(postfix_master_t, etc_t, etc_aliases_t)
  ')
-@@ -222,8 +222,8 @@
+@@ -240,8 +240,8 @@
  allow postfix_cleanup_t self:process setrlimit;
  
  allow user_mail_domain postfix_spool_t:dir r_dir_perms;
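Review bot: The retained rules `allow postfix_master_t etc_mail_t:file rw_file_perms;` and `file_type_auto_trans(..., etc_mail_t, etc_aliases_t)` still need `etc_mail_t`, as does `r_dir_file(sendmail_t, etc_mail_t)` in the `@@ -130,16 +121,16 @@` hunk. This commit drops the patch's own declaration of that type (the mta.te section removed in the `@@ -44,15 +44,6 @@` hunk) along with the sendmail.te section at the end. Presumably policy-1.28 now declares the type in a file that is always built. If it is declared only in sendmail.te, a policy built with postfix.te but without sendmail.te would reference an undeclared type, so this is worth confirming and stating in the log message. Because postfix now shares `etc_mail_t` with sendmail instead of using `postfix_etc_t`, the `rw_file_perms` grant lets the master daemon write every file carrying that label. A one-line comment above the rule saying why the shared type is used would help the next rebase.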
@@ -130,16 +121,16 @@
  allow user_mail_domain self:capability dac_override;
  
  define(`postfix_user_domain', `
-@@ -329,7 +329,7 @@
+@@ -351,7 +351,7 @@
  domain_auto_trans(postfix_pipe_t, procmail_exec_t, procmail_t)
  ')
  ifdef(`sendmail.te', `
--allow sendmail_t postfix_etc_t:dir search;
-+allow sendmail_t etc_mail_t:dir search;
+-r_dir_file(sendmail_t, postfix_etc_t)
++r_dir_file(sendmail_t, etc_mail_t)
+ allow sendmail_t postfix_spool_t:dir search;
  ')
  
- # Program for creating database files
-@@ -337,7 +337,7 @@
+@@ -360,7 +360,7 @@
  base_file_read_access(postfix_map_t)
  allow postfix_map_t { etc_t etc_runtime_t }:{ file lnk_file } { getattr read };
  tmp_domain(postfix_map)
@@ -148,10 +139,10 @@
  allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
  dontaudit postfix_map_t proc_t:dir { getattr read search };
  dontaudit postfix_map_t local_login_t:fd use;
-@@ -350,3 +350,29 @@
+@@ -371,3 +371,29 @@
+ dontaudit postfix_map_t var_t:dir search;
+ can_network_server(postfix_map_t)
  allow postfix_map_t port_type:tcp_socket name_connect;
- allow postfix_local_t mail_spool_t:dir { remove_name };
- allow postfix_local_t mail_spool_t:file { unlink };
 +
 +# postsuper (incl. -d) for sysadm
 +postfix_user_domain(postsuper)
@@ -178,15 +169,3 @@
 +
 +# maybe this should be applied for mta_delivery_agent in general?
 +rw_dir_create_file(postfix_local_t, mail_spool_t)
---- policy-1.20/domains/program/unused/sendmail.te.orig	2005-01-03 22:31:18.000000000 +0100
-+++ policy-1.20/domains/program/unused/sendmail.te	2005-01-08 18:18:10.537824600 +0100
-@@ -13,9 +13,6 @@
- # daemon started by the init rc scripts.
- #
- 
--# etc_mail_t is the type of /etc/mail.
--type etc_mail_t, file_type, sysadmfile, usercanread;
--
- daemon_domain(sendmail, `, nscd_client_domain, mta_delivery_agent, mail_server_domain, mail_server_sender', nosysadm)
- 
- tmp_domain(sendmail)
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/policy-apache.patch?r1=1.5&r2=1.6&f=u
    http://cvs.pld-linux.org/SOURCES/policy-postfix.patch?r1=1.10&r2=1.11&f=u


