From 477680e51a71c269b6718ac14c4f1c32511789ed Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Apr 03 2009 12:41:48 +0000 Subject: - Allow spamc_t to manage spamassassin milter state --- diff --git a/policy-20071130.patch b/policy-20071130.patch index 067a05f..f9837f5 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -653995,7 +653995,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt +/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.3.1/policy/modules/services/milter.if --- nsaserefpolicy/policy/modules/services/milter.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.3.1/policy/modules/services/milter.if 2009-03-20 10:54:05.000000000 +0100 ++++ serefpolicy-3.3.1/policy/modules/services/milter.if 2009-04-03 13:51:58.000000000 +0200 @@ -0,0 +1,105 @@ +## Milter mail filters + @@ -654091,7 +654091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt +## +## +# -+interface(`spamass_milter_manage_state',` ++interface(`milter_spamass_manage_state',` + gen_require(` + type spamass_milter_state_t; + ') @@ -664920,7 +664920,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.3.1/policy/modules/services/spamassassin.te --- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-02-26 14:23:10.000000000 +0100 -+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te 2009-03-20 10:50:40.000000000 +0100 ++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te 2009-04-03 13:52:53.000000000 +0200 @@ -21,8 +21,10 @@ gen_tunable(spamd_enable_home_dirs,true) @@ -665061,12 +665061,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam ') optional_policy(` -@@ -209,6 +264,228 @@ +@@ -209,6 +264,232 @@ mta_read_config(spamd_t) ') + optional_policy(` -+ spamass_milter_manage_state(spamd_t) ++ milter_spamass_manage_state(spamd_t) +') + optional_policy(` @@ -665281,6 +665281,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam +') + +optional_policy(` ++ milter_spamass_manage_state(spamc_t) ++') ++ ++optional_policy(` + mta_read_queue(spamc_t) + mta_read_config(spamc_t) + sendmail_stub(spamc_t) @@ -670249,7 +670253,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2008-02-26 14:23:09.000000000 +0100 -+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2009-03-23 10:46:22.000000000 +0100 ++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2009-04-03 14:00:57.000000000 +0200 @@ -69,8 +69,10 @@ ifdef(`distro_gentoo',` # despite the extensions, they are actually libs @@ -670306,7 +670310,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -183,6 +191,7 @@ +@@ -183,12 +191,14 @@ /usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -670314,7 +670318,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -204,6 +213,9 @@ + /usr/lib(64)?/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/X11R6/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/X11R6/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/libHermes\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/valgrind/hp2ps -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/valgrind/stage2 -- gen_context(system_u:object_r:textrel_shlib_t,s0) +@@ -204,6 +214,9 @@ /usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -670324,7 +670335,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar # Fedora Extras packages: ladspa, imlib2, ocaml /usr/lib(64)?/ladspa/analogue_osc_1416\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/ladspa/bandpass_a_iir_1893\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -229,7 +241,8 @@ +@@ -229,7 +242,8 @@ /usr/lib(64)?/php/modules/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame @@ -670334,7 +670345,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libavformat.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -242,12 +255,13 @@ +@@ -242,12 +256,13 @@ # Flash plugin, Macromedia HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -670350,7 +670361,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar # Jai, Sun Microsystems (Jpackage SPRM) /usr/lib(64)?/libmlib_jai\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -263,6 +277,8 @@ +@@ -263,6 +278,8 @@ /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -670359,7 +670370,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar # Java, Sun Microsystems (JPackage SRPM) /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -287,11 +303,15 @@ +@@ -287,11 +304,15 @@ /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -670375,7 +670386,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /var/ftp/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) -@@ -301,6 +321,30 @@ +@@ -301,6 +322,30 @@ /var/lib/samba/bin/.+\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0) ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 9e21d91..b5c290c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 130%{?dist} +Release: 131%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -444,6 +444,9 @@ exit 0 %endif %changelog +* Fri Apr 3 2009 Miroslav Grepl 3.3.1-131 +- Allow spamc_t to manage spamassassin milter state + * Wed Mar 25 2009 Miroslav Grepl 3.3.1-130 - Add xenner fixes