commit: 6331107c32431e0b3872e255a7f494314206c1d1 |
Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com> |
AuthorDate: Fri Sep 27 07:33:10 2013 +0000 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
CommitDate: Mon Sep 30 19:02:55 2013 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=6331107c |
|
mta: allow system_mail_t (user_mail_domains) to read kernel sysctls and to read exim var lib files. |
|
Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com> |
|
--- |
policy/modules/contrib/mta.te | 9 +++------ |
1 file changed, 3 insertions(+), 6 deletions(-) |
|
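--- a/policy/modules/contrib/mta.te
+++ b/policy/modules/contrib/mta.te
@@ -1,4 +1,4 @@
-policy_module(mta, 2.7.2)
+policy_module(mta, 2.7.3)
 
 ########################################
 #
@@ -78,6 +78,7 @@ allow user_mail_domain sendmail_exec_t:lnk_file read_lnk_file_perms;
 
 can_exec(user_mail_domain, { mta_exec_type sendmail_exec_t })
 
+kernel_read_crypto_sysctls(user_mail_domain)
 kernel_read_system_state(user_mail_domain)
 kernel_read_kernel_sysctls(user_mail_domain)
 kernel_read_network_state(user_mail_domain)
@@ -132,6 +133,7 @@ optional_policy(`
 exim_domtrans(user_mail_domain)
 exim_manage_log(user_mail_domain)
 exim_manage_spool_files(user_mail_domain)
+ exim_read_var_lib_files(user_mail_domain)
 ')
 
 optional_policy(`
@@ -245,11 +247,6 @@ optional_policy(`
 ')
 
 optional_policy(`
- exim_domtrans(system_mail_t)
- exim_manage_log(system_mail_t)
-')
-
-optional_policy(`
 fail2ban_dontaudit_rw_stream_sockets(system_mail_t)
 fail2ban_append_log(system_mail_t)
 fail2ban_rw_inherited_tmp_files(system_mail_t)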
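Review bot: Both new grants are attached to the `user_mail_domain` attribute rather than to `system_mail_t`, so every type carrying that attribute gains read access to the crypto sysctls (hunk at -78) and to exim's var lib files (exim `optional_policy` block at -132), which is wider than the subject line's `system_mail_t` suggests. If the denials were only seen for `system_mail_t`, scoping the two calls to that type keeps the attribute tighter; if all members need them, a one-line comment above each call recording the reason would help later audits, for example `# mail clients' crypto libraries read the crypto sysctls` (the actual reason should be confirmed against the AVC denials). The commit message says "kernel sysctls", but the interface added is `kernel_read_crypto_sysctls`; `kernel_read_kernel_sysctls(user_mail_domain)` was already present as context. Dropping the `exim_domtrans(system_mail_t)` / `exim_manage_log(system_mail_t)` block in the last hunk is only behaviour-preserving if `system_mail_t` is a member of `user_mail_domain`, and that declaration lies outside these hunks.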