commit: 02fa620d3ded0f4b2eeca78cb7c6bb13542c19af |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
AuthorDate: Sat Aug 30 20:15:48 2014 +0000 |
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com> |
CommitDate: Sat Aug 30 20:15:48 2014 +0000 |
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=02fa620d |
|
Updates on salt policy - interaction with postfix |
|
--- |
policy/modules/contrib/salt.te | 11 ++++++++++- |
1 file changed, 10 insertions(+), 1 deletion(-) |
|
14 |
diff --git a/policy/modules/contrib/salt.te b/policy/modules/contrib/salt.te |
15 |
index 180305f..279edfb 100644 |
16 |
--- a/policy/modules/contrib/salt.te |
17 |
+++ b/policy/modules/contrib/salt.te |
18 |
@@ -200,7 +200,7 @@ tunable_policy(`salt_master_read_nfs',` |
19 |
|
20 |
allow salt_minion_t self:capability { fsetid chown net_admin sys_admin sys_tty_config }; |
21 |
allow salt_minion_t self:capability2 block_suspend; |
22 |
-allow salt_minion_t self:process { signull }; |
23 |
+allow salt_minion_t self:process { signal signull }; |
24 |
allow salt_minion_t self:tcp_socket create_stream_socket_perms; |
25 |
allow salt_minion_t self:udp_socket create_socket_perms; |
26 |
allow salt_minion_t self:unix_dgram_socket create_socket_perms; |
27 |
@@ -277,8 +277,12 @@ fs_getattr_all_fs(salt_minion_t) |
28 |
|
29 |
getty_use_fds(salt_minion_t) |
30 |
|
31 |
+init_exec_rc(salt_minion_t) |
32 |
+ |
33 |
miscfiles_read_localization(salt_minion_t) |
34 |
|
35 |
+seutil_domtrans_setfiles(salt_minion_t) |
36 |
+ |
37 |
sysnet_exec_ifconfig(salt_minion_t) |
38 |
sysnet_read_config(salt_minion_t) |
39 |
|
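Review bot: `init_exec_rc(salt_minion_t)` and `seutil_domtrans_setfiles(salt_minion_t)` are added unconditionally and without a comment, although the commit title only mentions postfix. Going by refpolicy's `exec` versus `domtrans` naming, rc would run without a domain transition and so keep salt_minion_t's own capabilities (the first hunk shows `net_admin` and `sys_admin`), and the setfiles transition lets the minion have file labels reset. Each line should carry a short comment naming the salt function that needs it, for example `# relabel files after salt-managed changes` (wording for the author to confirm), and a tunable in the style of the existing `salt_master_read_nfs` would keep the default policy narrower. The setfiles transition is also granted without roles, while the postfix hunk further down passes `salt_minion_roles` to `postfix_run_map`; if the minion can run under those roles, `seutil_run_setfiles(salt_minion_t, salt_minion_roles)` would presumably be the matching form.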
40 |
@@ -298,6 +302,11 @@ optional_policy(` |
41 |
') |
42 |
|
43 |
optional_policy(` |
44 |
+ postfix_domtrans_master(salt_minion_t) |
45 |
+ postfix_run_map(salt_minion_t, salt_minion_roles) |
46 |
+') |
47 |
+ |
48 |
+optional_policy(` |
49 |
shutdown_domtrans(salt_minion_t) |
50 |
') |