From f801c704033a576e6f024c94d3b2973e8fe09031 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sep 19 2008 14:42:25 +0000 Subject: - Dontaudit attempts to write user_tmp_t by gssd_t --- diff --git a/policy-20071130.patch b/policy-20071130.patch index b5b3b6a..6595363 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -19137,8 +19137,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail +/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.3.1/policy/modules/services/mailman.if --- nsaserefpolicy/policy/modules/services/mailman.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/mailman.if 2008-09-08 11:45:12.000000000 -0400 -@@ -211,6 +211,7 @@ ++++ serefpolicy-3.3.1/policy/modules/services/mailman.if 2008-09-19 10:41:32.000000000 -0400 +@@ -31,6 +31,12 @@ + allow mailman_$1_t self:tcp_socket create_stream_socket_perms; + allow mailman_$1_t self:udp_socket create_socket_perms; + ++ files_search_spool(mailman_$1_t) ++ ++ manage_dirs_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t) ++ manage_files_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t) ++ manage_lnk_files_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t) ++ + manage_dirs_pattern(mailman_$1_t,mailman_data_t,mailman_data_t) + manage_files_pattern(mailman_$1_t,mailman_data_t,mailman_data_t) + manage_lnk_files_pattern(mailman_$1_t,mailman_data_t,mailman_data_t) +@@ -211,6 +217,7 @@ type mailman_data_t; ') @@ -19146,7 +19159,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail manage_files_pattern($1,mailman_data_t,mailman_data_t) ') -@@ -252,6 +253,25 @@ +@@ -252,6 +259,25 @@ ####################################### ## 
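Review bot: The three `manage_*_pattern(mailman_$1_t, mailman_archive_t, mailman_archive_t)` lines are added inside the per-domain template in mailman.if (inner hunk `@@ -31,6 +31,12 @@`), so every domain built from that template gains create, write and delete access to the list archives. That includes mailman_cgi_t, which the mailman.te hunk shows taking file descriptors from Apache. If only some of the domains have to write archives, the grant belongs in mailman.te for those domains, with the others limited to something like `read_files_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)`. The commit subject and the new changelog entry name only gssd_t, and no gssd_t rule appears in the hunks visible here, so the mailman widening should get its own changelog line. The template body starts and ends outside this hunk, so any existing archive rules it already carries cannot be checked from here.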
@@ -19174,7 +19187,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.3.1/policy/modules/services/mailman.te --- nsaserefpolicy/policy/modules/services/mailman.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/mailman.te 2008-09-11 13:48:31.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/mailman.te 2008-09-19 10:40:19.000000000 -0400 @@ -53,10 +53,9 @@ apache_use_fds(mailman_cgi_t) apache_dontaudit_append_log(mailman_cgi_t) @@ -19208,6 +19221,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail ifdef(`TODO',` optional_policy(` +@@ -107,5 +117,10 @@ + su_exec(mailman_queue_t) + + optional_policy(` +- cron_system_entry(mailman_queue_t,mailman_queue_exec_t) ++ apache_read_config(mailman_queue_t) + ') ++ ++optional_policy(` ++ cron_system_entry(mailman_queue_t, mailman_queue_exec_t) ++') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.3.1/policy/modules/services/mailscanner.fc --- nsaserefpolicy/policy/modules/services/mailscanner.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/services/mailscanner.fc 2008-09-08 11:45:12.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index 82b1e46..60e65cf 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 91%{?dist} +Release: 92%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -386,6 +386,9 @@ exit 0 %endif %changelog +* Tue Sep 18 2008 Dan Walsh 3.3.1-92 +- Dontaudit attempts to write user_tmp_t by gssd_t + * Mon Sep 15 2008 Dan Walsh 3.3.1-91 - Allow nsplugin_cong dac capabilities.
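Review bot: `apache_read_config(mailman_queue_t)` in the last mailman.te hunk (`@@ -107,5 +117,10 @@`) gives the queue runner read access to the web server's configuration, with no comment or changelog line saying which denial it answers. Apache configuration can hold sensitive directives on some installs, so the reason should be recorded next to the rule, for example `# mailman_queue_t reads httpd config: <AVC or bug reference>`. If the access turns out to be a harmless probe, a dontaudit rule would be the narrower choice. Moving `cron_system_entry` into its own `optional_policy` block is right, since an optional block is dropped as a whole when one of its interfaces is unavailable.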