Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Mon, 30 Sep 2013 19:04:03
Message-Id: 1380567775.6331107c32431e0b3872e255a7f494314206c1d1.swift@gentoo
1 commit: 6331107c32431e0b3872e255a7f494314206c1d1
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Fri Sep 27 07:33:10 2013 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Mon Sep 30 19:02:55 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=6331107c
7
8 mta: allow system_mail_t (user_mail_domains) to read kernel sysctls and to read exim var lib files.
9
10 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
11
12 ---
13 policy/modules/contrib/mta.te | 9 +++------
14 1 file changed, 3 insertions(+), 6 deletions(-)
15
16 diff --git a/policy/modules/contrib/mta.te b/policy/modules/contrib/mta.te
17 index a36599f..ab24c49 100644
18 --- a/policy/modules/contrib/mta.te
19 +++ b/policy/modules/contrib/mta.te
20 @@ -1,4 +1,4 @@
21 -policy_module(mta, 2.7.2)
22 +policy_module(mta, 2.7.3)
23
24 ########################################
25 #
26 @@ -78,6 +78,7 @@ allow user_mail_domain sendmail_exec_t:lnk_file read_lnk_file_perms;
27
28 can_exec(user_mail_domain, { mta_exec_type sendmail_exec_t })
29
30 +kernel_read_crypto_sysctls(user_mail_domain)
31 kernel_read_system_state(user_mail_domain)
32 kernel_read_kernel_sysctls(user_mail_domain)
33 kernel_read_network_state(user_mail_domain)
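Review bot: the added kernel_read_crypto_sysctls(user_mail_domain) line does not match the commit subject, which says "read kernel sysctls"; kernel_read_kernel_sysctls(user_mail_domain) is already present as unchanged context two lines below it. Suggest rewording the subject to say crypto sysctls and noting which mailer needs the access, since the grant lands on every domain in user_mail_domain and not only on system_mail_t.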
34 @@ -132,6 +133,7 @@ optional_policy(`
35 exim_domtrans(user_mail_domain)
36 exim_manage_log(user_mail_domain)
37 exim_manage_spool_files(user_mail_domain)
38 + exim_read_var_lib_files(user_mail_domain)
39 ')
40
41 optional_policy(`
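Review bot: exim_read_var_lib_files(user_mail_domain) is granted to the whole user_mail_domain attribute, while the commit message names system_mail_t as the domain that needs it. If only system_mail_t reads exim's var lib files, scope the call to system_mail_t in its own optional_policy block; if every user mail domain needs it, the commit message should say so.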
42 @@ -245,11 +247,6 @@ optional_policy(`
43 ')
44
45 optional_policy(`
46 - exim_domtrans(system_mail_t)
47 - exim_manage_log(system_mail_t)
48 -')
49 -
50 -optional_policy(`
51 fail2ban_dontaudit_rw_stream_sockets(system_mail_t)
52 fail2ban_append_log(system_mail_t)
53 fail2ban_rw_inherited_tmp_files(system_mail_t)
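Review bot: removing the optional_policy block with exim_domtrans(system_mail_t) and exim_manage_log(system_mail_t) preserves behaviour only if system_mail_t carries the user_mail_domain attribute, which the visible context does not show and the commit message only implies with "system_mail_t (user_mail_domains)". Suggest stating in the message that the block is dropped as a duplicate of the user_mail_domain exim rules in the hunk at -132, so the deletion is not read as revoking the domain transition.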