
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Tue, 10 Jul 2012 17:22:26
Message-Id: 1341939525.6a618b390ef532879555dcfe450d46cb45c25bbc.SwifT@gentoo
1 commit: 6a618b390ef532879555dcfe450d46cb45c25bbc
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Tue Jul 10 16:58:45 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Tue Jul 10 16:58:45 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=6a618b39
7
8 Backport nss_domain attribute patch
9
10 ---
11 policy/modules/contrib/apache.te | 5 +++++
12 policy/modules/contrib/bind.te | 5 +++++
13 policy/modules/contrib/git.te | 6 ++++--
14 policy/modules/contrib/kerberos.te | 8 ++++++++
15 policy/modules/contrib/ldap.if | 5 ++---
16 policy/modules/contrib/nslcd.te | 4 ++++
17 policy/modules/contrib/samba.te | 8 ++++++++
18 policy/modules/contrib/sssd.te | 4 ++++
19 policy/modules/contrib/telepathy.if | 2 ++
20 policy/modules/contrib/telepathy.te | 2 --
21 policy/modules/contrib/virt.if | 2 ++
22 policy/modules/contrib/virt.te | 2 --
23 policy/modules/contrib/zarafa.te | 14 ++++++++++++--
24 13 files changed, 56 insertions(+), 11 deletions(-)
25
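--- a/policy/modules/contrib/apache.te
+++ b/policy/modules/contrib/apache.te
@@ -561,6 +561,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+ # needed by FreeIPA
+ ldap_stream_connect(httpd_t)
+')
+
+optional_policy(`
 mailman_signal_cgi(httpd_t)
 mailman_domtrans_cgi(httpd_t)
 mailman_read_data_files(httpd_t)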
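Review bot: The new `ldap_stream_connect(httpd_t)` block grants every httpd_t process a connect to slapd's local unix stream socket whenever the ldap module is loaded, although the comment scopes the need to FreeIPA; that is broader than the TCP ldap-port access apache policy normally places behind a tunable. If this tree already carries the httpd_can_connect_ldap tunable, the call belongs inside that tunable_policy block instead of an unconditional optional_policy; if it does not, a comment stating that the grant is intentionally unconditional would help the next reader. The same unconditional shape is used for named_t in bind.te, kadmind_t and krb5kdc_t in kerberos.te, and samba_net_t and smbd_t in samba.te, whereas for nslcd_t and sssd_t the local LDAP connect is inherent to the daemon and needs no gating.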
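--- a/policy/modules/contrib/bind.te
+++ b/policy/modules/contrib/bind.te
@@ -171,6 +171,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+ # needed by FreeIPA with DNS support
+ ldap_stream_connect(named_t)
+')
+
+optional_policy(`
 # this seems like fds that arent being
 # closed. these should probably be
 # dontaudits instead.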
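--- a/policy/modules/contrib/git.te
+++ b/policy/modules/contrib/git.te
@@ -108,6 +108,8 @@ corenet_tcp_bind_git_port(git_session_t)
 corenet_tcp_sendrecv_git_port(git_session_t)
 corenet_sendrecv_git_server_packets(git_session_t)
 
+auth_use_nsswitch(git_session_t)
+
 userdom_use_user_terminals(git_session_t)
 
 tunable_policy(`git_session_send_syslog_msg',`
@@ -135,6 +137,8 @@ list_dirs_pattern(git_system_t, git_sys_content_t, git_sys_content_t)
 read_files_pattern(git_system_t, git_sys_content_t, git_sys_content_t)
 files_search_var_lib(git_system_t)
 
+auth_use_nsswitch(git_system_t)
+
 logging_send_syslog_msg(git_system_t)
 
 tunable_policy(`git_system_enable_homedirs',`
@@ -221,6 +225,4 @@ files_read_usr_files(git_daemon)
 
 fs_search_auto_mountpoints(git_daemon)
 
-auth_use_nsswitch(git_daemon)
-
 miscfiles_read_localization(git_daemon)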
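Review bot: Replacing `auth_use_nsswitch(git_daemon)` with per-type calls on git_session_t and git_system_t covers only the two types visible in these hunks; any other type that carries the git_daemon attribute silently loses its NSS access, so it is worth confirming these two are the only git_daemon members in the file. Presumably the move is forced because the backported auth_use_nsswitch now assigns an attribute to its argument and typeattribute cannot take an attribute as its subject; if so, a one-line comment at the first per-type call, such as `# per type: auth_use_nsswitch() cannot be applied to the git_daemon attribute`, would keep a later cleanup from folding these back onto the attribute. The same attribute-to-type move, with the same completeness question, appears for telepathy_domain (telepathy.if and telepathy.te), virt_domain (virt.if and virt.te) and zarafa_domain (zarafa.te, where six concrete types now each carry the call).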
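--- a/policy/modules/contrib/kerberos.te
+++ b/policy/modules/contrib/kerberos.te
@@ -160,6 +160,10 @@ userdom_dontaudit_use_unpriv_user_fds(kadmind_t)
 userdom_dontaudit_search_user_home_dirs(kadmind_t)
 
 optional_policy(`
+ ldap_stream_connect(kadmind_t)
+')
+
+optional_policy(`
 nis_use_ypbind(kadmind_t)
 ')
 
@@ -260,6 +264,10 @@ userdom_dontaudit_use_unpriv_user_fds(krb5kdc_t)
 userdom_dontaudit_search_user_home_dirs(krb5kdc_t)
 
 optional_policy(`
+ ldap_stream_connect(krb5kdc_t)
+')
+
+optional_policy(`
 nis_use_ypbind(krb5kdc_t)
 ')
 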
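--- a/policy/modules/contrib/ldap.if
+++ b/policy/modules/contrib/ldap.if
@@ -69,13 +69,12 @@ interface(`ldap_stream_connect',`
 ')
 
 files_search_pids($1)
- allow $1 slapd_var_run_t:sock_file write;
- allow $1 slapd_t:unix_stream_socket connectto;
+ stream_connect_pattern($1, slapd_var_run_t, slapd_var_run_t, slapd_t)
 ')
 
 ########################################
 ## <summary>
-## All of the rules required to administrate
+## All of the rules required to administrate
 ## an ldap environment
 ## </summary>
 ## <param name="domain">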
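Review bot: The switch to `stream_connect_pattern($1, slapd_var_run_t, slapd_var_run_t, slapd_t)` is not a pure restatement of the two removed allow rules: per refpolicy's pattern definition it also grants search on the slapd_var_run_t directory and the full write_sock_file_perms set (getattr, open and append as well as write) on the socket file, so every existing caller of ldap_stream_connect gains those permissions. That is the usual refpolicy idiom and the wider set is likely what callers need in practice, but neither the hunk nor the commit message records the widening; a line in the commit description, or `# stream_connect_pattern also grants dir search and sock_file getattr/open/append` above the call, would. The interface `ldap_stream_connect` begins before this hunk. The change to the summary line in the second hunk appears to be whitespace-only.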
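--- a/policy/modules/contrib/nslcd.te
+++ b/policy/modules/contrib/nslcd.te
@@ -43,3 +43,7 @@ auth_use_nsswitch(nslcd_t)
 logging_send_syslog_msg(nslcd_t)
 
 miscfiles_read_localization(nslcd_t)
+
+optional_policy(`
+ ldap_stream_connect(nslcd_t)
+')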
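--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -219,6 +219,10 @@ userdom_use_user_terminals(samba_net_t)
 userdom_list_user_home_dirs(samba_net_t)
 
 optional_policy(`
+ ldap_stream_connect(samba_net_t)
+')
+
+optional_policy(`
 pcscd_read_pub_files(samba_net_t)
 ')
 
@@ -421,6 +425,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+ ldap_stream_connect(smbd_t)
+')
+
+optional_policy(`
 lpd_exec_lpr(smbd_t)
 ')
 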
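--- a/policy/modules/contrib/sssd.te
+++ b/policy/modules/contrib/sssd.te
@@ -88,3 +88,7 @@ optional_policy(`
 optional_policy(`
 kerberos_manage_host_rcache(sssd_t)
 ')
+
+optional_policy(`
+ ldap_stream_connect(sssd_t)
+')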
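--- a/policy/modules/contrib/telepathy.if
+++ b/policy/modules/contrib/telepathy.if
@@ -24,6 +24,8 @@ template(`telepathy_domain_template',`
 
 type telepathy_$1_tmp_t;
 userdom_user_tmp_file(telepathy_$1_tmp_t)
+
+ auth_use_nsswitch(telepathy_$1_t)
 ')
 
 #######################################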
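--- a/policy/modules/contrib/telepathy.te
+++ b/policy/modules/contrib/telepathy.te
@@ -367,8 +367,6 @@ kernel_read_system_state(telepathy_domain)
 
 fs_search_auto_mountpoints(telepathy_domain)
 
-auth_use_nsswitch(telepathy_domain)
-
 miscfiles_read_localization(telepathy_domain)
 
 optional_policy(`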
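--- a/policy/modules/contrib/virt.if
+++ b/policy/modules/contrib/virt.if
@@ -69,6 +69,8 @@ template(`virt_domain_template',`
 files_pid_filetrans($1_t, $1_var_run_t, { dir file })
 stream_connect_pattern($1_t, $1_var_run_t, $1_var_run_t, virtd_t)
 
+ auth_use_nsswitch($1_t)
+
 optional_policy(`
 xserver_rw_shm($1_t)
 ')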
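--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -455,8 +455,6 @@ term_getattr_pty_fs(virt_domain)
 term_use_generic_ptys(virt_domain)
 term_use_ptmx(virt_domain)
 
-auth_use_nsswitch(virt_domain)
-
 logging_send_syslog_msg(virt_domain)
 
 miscfiles_read_localization(virt_domain)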
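--- a/policy/modules/contrib/zarafa.te
+++ b/policy/modules/contrib/zarafa.te
@@ -41,6 +41,8 @@ manage_dirs_pattern(zarafa_deliver_t, zarafa_deliver_tmp_t, zarafa_deliver_tmp_t
 manage_files_pattern(zarafa_deliver_t, zarafa_deliver_tmp_t, zarafa_deliver_tmp_t)
 files_tmp_filetrans(zarafa_deliver_t, zarafa_deliver_tmp_t, { file dir })
 
+auth_use_nsswitch(zarafa_deliver_t)
+
 ########################################
 #
 # zarafa_gateway local policy
@@ -57,6 +59,8 @@ corenet_tcp_sendrecv_all_ports(zarafa_gateway_t)
 corenet_tcp_bind_generic_node(zarafa_gateway_t)
 corenet_tcp_bind_pop_port(zarafa_gateway_t)
 
+auth_use_nsswitch(zarafa_gateway_t)
+
 #######################################
 #
 # zarafa-ical local policy
@@ -72,6 +76,8 @@ corenet_tcp_sendrecv_all_ports(zarafa_ical_t)
 corenet_tcp_bind_generic_node(zarafa_ical_t)
 corenet_tcp_bind_http_cache_port(zarafa_ical_t)
 
+auth_use_nsswitch(zarafa_ical_t)
+
 ######################################
 #
 # zarafa-monitor local policy
@@ -79,6 +85,8 @@ corenet_tcp_bind_http_cache_port(zarafa_ical_t)
 
 allow zarafa_monitor_t self:capability chown;
 
+auth_use_nsswitch(zarafa_monitor_t)
+
 ########################################
 #
 # zarafa_server local policy
@@ -107,6 +115,8 @@ corenet_tcp_bind_zarafa_port(zarafa_server_t)
 
 files_read_usr_files(zarafa_server_t)
 
+auth_use_nsswitch(zarafa_server_t)
+
 logging_send_syslog_msg(zarafa_server_t)
 logging_send_audit_msgs(zarafa_server_t)
 
@@ -136,6 +146,8 @@ corenet_tcp_sendrecv_generic_node(zarafa_spooler_t)
 corenet_tcp_sendrecv_all_ports(zarafa_spooler_t)
 corenet_tcp_connect_smtp_port(zarafa_spooler_t)
 
+auth_use_nsswitch(zarafa_spooler_t)
+
 ########################################
 #
 # zarafa domains local policy
@@ -156,6 +168,4 @@ kernel_read_system_state(zarafa_domain)
 
 files_read_etc_files(zarafa_domain)
 
-auth_use_nsswitch(zarafa_domain)
-
 miscfiles_read_localization(zarafa_domain)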