diff --git a/modules-mls.conf b/modules-mls.conf index 8741d52..09c2253 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -1116,3 +1116,9 @@ guest = module # xguest = module +# Layer: services +# Module: courier +# +# IMAP and POP3 email servers +# +courier = module diff --git a/policy-20080509.patch b/policy-20080509.patch index 49acafe..7f1d203 100644 --- a/policy-20080509.patch +++ b/policy-20080509.patch @@ -12336,7 +12336,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour +/var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.4.2/policy/modules/services/courier.if --- nsaserefpolicy/policy/modules/services/courier.if 2008-06-12 23:25:06.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/services/courier.if 2008-06-12 23:37:52.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/services/courier.if 2008-06-30 17:10:40.000000000 -0400 @@ -123,3 +123,77 @@ domtrans_pattern($1, courier_pop_exec_t, courier_pop_t) @@ -12410,10 +12410,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour +# +interface(`courier_rw_pipes',` + gen_require(` -+ type courier_t; ++ type courier_authdaemon_t; + ') + -+ allow $1 courier_t:fifo_file rw_fifo_file_perms; ++ allow $1 courier_authdaemon_t:fifo_file rw_fifo_file_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.4.2/policy/modules/services/courier.te --- nsaserefpolicy/policy/modules/services/courier.te 2008-06-12 23:25:05.000000000 -0400 
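Review bot: In the `@@ -12410,10 +12410,10 @@` hunk of policy-20080509.patch, `courier_rw_pipes` now grants `rw_fifo_file_perms` on `courier_authdaemon_t` fifo_files, but the interface name still reads as if it covered courier pipes in general. Its summary comment starts above the hunk, so whether it was updated cannot be checked here. Judging by the type name, authdaemon is courier's authentication helper, so read/write on its pipes is a more sensitive grant than the name suggests. I would say so in the summary, e.g. `## Read and write courier authdaemon named pipes.`, and consider adding a more specific name such as `courier_rw_authdaemon_pipes`, so that anyone reviewing a calling domain sees which domain's pipes it is opening.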
@@ -17867,7 +17867,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.4.2/policy/modules/services/mta.te --- nsaserefpolicy/policy/modules/services/mta.te 2008-06-12 23:25:05.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/services/mta.te 2008-06-30 08:33:53.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/services/mta.te 2008-06-30 17:10:20.000000000 -0400 @@ -6,6 +6,8 @@ # Declarations # @@ -17939,7 +17939,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ') optional_policy(` -@@ -73,7 +98,10 @@ +@@ -73,7 +98,17 @@ optional_policy(` cron_read_system_job_tmp_files(system_mail_t) @@ -17947,10 +17947,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. cron_dontaudit_write_pipes(system_mail_t) + cron_dontaudit_write_system_job_tmp_files(system_mail_t) + cron_rw_system_stream_sockets(system_mail_t) ++') ++ ++optional_policy(` ++ courier_read_config(system_mail_t) ++ courier_manage_spool_dirs(system_mail_t) ++ courier_manage_spool_files(system_mail_t) ++# courier_rw_pipes(system_mail_t) ') optional_policy(` -@@ -81,6 +109,11 @@ +@@ -81,6 +116,11 @@ ') optional_policy(` @@ -17962,7 +17969,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. logrotate_read_tmp_files(system_mail_t) ') -@@ -136,11 +169,38 @@ +@@ -136,11 +176,38 @@ ') optional_policy(` @@ -18002,7 +18009,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. optional_policy(` # why is mail delivered to a directory of type arpwatch_data_t? arpwatch_search_data(mailserver_delivery) -@@ -154,3 +214,5 @@ +@@ -154,3 +221,5 @@ cron_read_system_job_tmp_files(mta_user_agent) ') ') diff --git a/selinux-policy.spec b/selinux-policy.spec index b8612b0..d57b749 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
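Review bot: The new `optional_policy` block in the `@@ -17947,10 +17947,17 @@` hunk of policy-20080509.patch (mta.te) gives `system_mail_t` both `courier_manage_spool_dirs` and `courier_manage_spool_files`, and nothing in the block says why manage-level access is needed rather than a narrower grant. If `system_mail_t` only has to place messages in the courier spool, a short comment recording the access that was actually denied would let a later reviewer tighten the rule. The commented-out `# courier_rw_pipes(system_mail_t)` should either be dropped or carry its reason on the same line, e.g. `# courier_rw_pipes(system_mail_t) disabled: <reason>`, because disabled rules left in policy tend to be re-enabled without review.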
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.4.2
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -375,6 +375,10 @@ exit 0
 %endif
 %changelog
+* Sun Jun 29 2008 Dan Walsh 3.4.2-9
+- Allow gdm to read rpm database
+- Allow nsplugin to read mplayer config files
+
 * Thu Jun 26 2008 Dan Walsh 3.4.2-8
 - Allow vpnc to run ifconfig