From c0158a8c68177f23261b5816e4dca58d13e6be28 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mar 27 2009 19:48:17 +0000 Subject: - Add label for ~/.forward and /root/.forward --- diff --git a/policy-20090105.patch b/policy-20090105.patch index 7c1201e..9319e6a 100644 --- a/policy-20090105.patch +++ b/policy-20090105.patch @@ -6775,7 +6775,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +permissive afs_t; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.10/policy/modules/services/apache.fc --- nsaserefpolicy/policy/modules/services/apache.fc 2008-11-11 16:13:46.000000000 -0500 -+++ serefpolicy-3.6.10/policy/modules/services/apache.fc 2009-03-24 09:03:48.000000000 -0400 ++++ serefpolicy-3.6.10/policy/modules/services/apache.fc 2009-03-27 14:54:58.000000000 -0400 @@ -1,12 +1,13 @@ -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0) +HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0) @@ -8172,7 +8172,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.6.10/policy/modules/services/bind.fc --- nsaserefpolicy/policy/modules/services/bind.fc 2009-01-05 15:39:43.000000000 -0500 -+++ serefpolicy-3.6.10/policy/modules/services/bind.fc 2009-03-24 09:03:48.000000000 -0400 ++++ serefpolicy-3.6.10/policy/modules/services/bind.fc 2009-03-27 15:09:58.000000000 -0400 @@ -1,17 +1,22 @@ /etc/rc\.d/init\.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0) +/etc/rc\.d/init\.d/unbound -- gen_context(system_u:object_r:named_initrc_exec_t,s0) 
@@ -8196,14 +8196,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`distro_debian',` /etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0) -@@ -40,7 +45,6 @@ +@@ -40,8 +45,8 @@ /var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0) /var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0) /var/named/chroot(/.*)? gen_context(system_u:object_r:named_conf_t,s0) -/var/named/chroot/etc(/.*)? gen_context(system_u:object_r:named_conf_t,s0) /var/named/chroot/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0) ++/var/named/chroot/proc(/.*)? <> /var/named/chroot/var/run/named.* gen_context(system_u:object_r:named_var_run_t,s0) /var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0) + /var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.10/policy/modules/services/bind.if --- nsaserefpolicy/policy/modules/services/bind.if 2008-11-11 16:13:46.000000000 -0500 +++ serefpolicy-3.6.10/policy/modules/services/bind.if 2009-03-24 09:03:48.000000000 -0400 @@ -13095,7 +13097,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol cron_system_entry(mailman_queue_t, mailman_queue_exec_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.10/policy/modules/services/mta.fc --- nsaserefpolicy/policy/modules/services/mta.fc 2008-09-12 10:48:05.000000000 -0400 -+++ serefpolicy-3.6.10/policy/modules/services/mta.fc 2009-03-24 09:03:48.000000000 -0400 ++++ serefpolicy-3.6.10/policy/modules/services/mta.fc 2009-03-27 15:09:24.000000000 -0400 @@ -1,4 +1,4 @@ -/bin/mail -- gen_context(system_u:object_r:sendmail_exec_t,s0) +/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0) 
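Review bot: The added `/var/named/chroot/proc(/.*)?` entry in bind.fc has no comment saying why that subtree is left out of labeling, and neither the commit subject nor the %changelog entry mentions a bind change. The context renders as `<>` on this page, which I read as `<<none>>`; if so, a relabel skips everything under that path, presumably because proc is mounted inside the chroot. I would add a line above it such as `# proc is mounted inside the chroot; do not relabel it` and list the bind change in the changelog.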
@@ -13116,7 +13118,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) -@@ -22,7 +25,3 @@ +@@ -22,7 +25,5 @@ /var/spool/imap(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) /var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0) /var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) @@ -13124,9 +13126,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol -#ifdef(`postfix.te', `', ` -#/var/spool/postfix(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) -#') ++HOME_DIR/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0) ++/root/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.10/policy/modules/services/mta.if --- nsaserefpolicy/policy/modules/services/mta.if 2009-01-19 11:06:49.000000000 -0500 -+++ serefpolicy-3.6.10/policy/modules/services/mta.if 2009-03-27 09:50:44.000000000 -0400 ++++ serefpolicy-3.6.10/policy/modules/services/mta.if 2009-03-27 14:46:53.000000000 -0400 @@ -130,6 +130,15 @@ sendmail_create_log($1_mail_t) ') 
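Review bot: The two `.forward` entries added to mta.fc only take effect when the files are relabeled, and no type transition is visible anywhere in this commit. A `.forward` created later would therefore keep the home directory's default type until `restorecon` is run. If delivery is meant to depend on `mail_forward_t`, that gap should be documented or closed with a transition. Both entries use `--`, so a symlinked `.forward` is not matched by these lines; a comment such as `# regular files only; a symlinked .forward is deliberately not matched` would record whether that is intended.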
@@ -13204,8 +13208,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.10/policy/modules/services/mta.te --- nsaserefpolicy/policy/modules/services/mta.te 2009-01-19 11:06:49.000000000 -0500 -+++ serefpolicy-3.6.10/policy/modules/services/mta.te 2009-03-24 09:03:48.000000000 -0400 -@@ -47,34 +47,49 @@ ++++ serefpolicy-3.6.10/policy/modules/services/mta.te 2009-03-27 15:46:19.000000000 -0400 +@@ -27,6 +27,9 @@ + type mail_spool_t; + files_mountpoint(mail_spool_t) + ++type mail_forward_t, mailcontent_type; ++files_type(mail_forward_t) ++ + type sendmail_exec_t; + mta_agent_executable(sendmail_exec_t) + +@@ -47,34 +50,49 @@ # # newalias required this, not sure if it is needed in 'if' file @@ -13257,7 +13271,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -88,6 +103,13 @@ +@@ -88,6 +106,13 @@ optional_policy(` cron_read_system_job_tmp_files(system_mail_t) cron_dontaudit_write_pipes(system_mail_t) @@ -13271,7 +13285,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -95,16 +117,16 @@ +@@ -95,16 +120,16 @@ ') optional_policy(` @@ -13292,7 +13306,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -132,10 +154,6 @@ +@@ -132,10 +157,6 @@ # compatability for old default main.cf postfix_config_filetrans(system_mail_t, etc_aliases_t, { dir file lnk_file sock_file fifo_file }) ') @@ -13303,7 +13317,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -155,6 +173,19 @@ +@@ -155,6 +176,19 @@ ') optional_policy(` 
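Review bot: `mail_forward_t` is declared with `files_type()` and placed in `mailcontent_type`, but the commit shows no rule letting user domains create or edit a file of this type, and nothing states which domains gain write access through the attribute. A `.forward` file can hand mail to a program, so write access to this type amounts to control over what the delivery agent runs for that user, and the set of writers should be explicit. If this tree provides `userdom_user_home_content()`, I would declare the type with it instead of `files_type(mail_forward_t)`, and add a comment above the declaration naming the intended writers. Rules on `mailcontent_type` lie outside these hunks, so this needs checking against the full mta.te.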
@@ -13323,11 +13337,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol smartmon_read_tmp_files(system_mail_t) ') -@@ -174,6 +205,23 @@ +@@ -174,6 +208,25 @@ ') ') +read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t) ++userdom_search_admin_dir(mailserver_delivery) ++read_files_pattern(mailserver_delivery, mail_forward_t, mail_forward_t) + +init_stream_connect_script(mailserver_delivery) +init_rw_script_stream_sockets(mailserver_delivery) @@ -21222,12 +21238,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.10/policy/modules/services/virt.fc --- nsaserefpolicy/policy/modules/services/virt.fc 2009-01-05 15:39:43.000000000 -0500 -+++ serefpolicy-3.6.10/policy/modules/services/virt.fc 2009-03-24 15:39:18.000000000 -0400 -@@ -8,5 +8,15 @@ ++++ serefpolicy-3.6.10/policy/modules/services/virt.fc 2009-03-27 15:22:38.000000000 -0400 +@@ -8,5 +8,16 @@ /var/lib/libvirt(/.*)? gen_context(system_u:object_r:virt_var_lib_t,s0) /var/lib/libvirt/images(/.*)? gen_context(system_u:object_r:virt_image_t,s0) +/var/lib/libvirt/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0) ++/var/lib/libvirt/boot(/.*)? gen_context(system_u:object_r:virt_content_t,s0) + /var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0) /var/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) diff --git a/selinux-policy.spec b/selinux-policy.spec index b11bdb0..7152934 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.10 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
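Review bot: In the mta.te additions, `read_files_pattern(mailserver_delivery, mail_forward_t, mail_forward_t)` passes `mail_forward_t` as the directory type, yet the file contexts added in this commit label only regular files, so the directory search it grants matches nothing. `allow mailserver_delivery mail_forward_t:file read_file_perms;` states the intent without the unused directory permission. The only directory access added is `userdom_search_admin_dir(mailserver_delivery)`, which covers /root. Whether the delivery domains can already search ordinary users' home directories is not visible here; if they cannot, a labeled `HOME_DIR/.forward` is still unreachable.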
@@ -444,6 +444,9 @@ exit 0 %endif %changelog +* Fri Mar 27 2009 Dan Walsh 3.6.10-4 +- Add label for ~/.forward and /root/.forward + * Thu Mar 26 2009 Dan Walsh 3.6.10-3 - Fixes for svirt