From a333a84d27254e51eef5f829948ddd15e3751fe9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Nov 24 2009 23:16:46 +0000 Subject: - Allow modemmanager sys_admin --- diff --git a/policy-F12.patch b/policy-F12.patch index 77e3cd2..3313e3b 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -22641,7 +22641,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.32/policy/modules/services/spamassassin.te --- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-09-16 10:01:19.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/spamassassin.te 2009-10-26 09:38:33.000000000 -0400 ++++ serefpolicy-3.6.32/policy/modules/services/spamassassin.te 2009-11-24 18:16:18.000000000 -0500 @@ -20,6 +20,35 @@ ## gen_tunable(spamd_enable_home_dirs, true) @@ -22708,15 +22708,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # this should probably be removed corecmd_list_bin(spamassassin_t) -@@ -150,6 +191,7 @@ +@@ -150,6 +191,8 @@ corenet_udp_sendrecv_all_ports(spamassassin_t) corenet_tcp_connect_all_ports(spamassassin_t) corenet_sendrecv_all_client_packets(spamassassin_t) + corenet_udp_bind_generic_node(spamassassin_t) ++ corenet_udp_bind_generic_port(spamassassin_t) sysnet_read_config(spamassassin_t) ') -@@ -186,6 +228,8 @@ +@@ -186,6 +229,8 @@ optional_policy(` mta_read_config(spamassassin_t) sendmail_stub(spamassassin_t) @@ -22725,7 +22726,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -207,16 +251,33 @@ +@@ -207,16 +252,33 @@ allow spamc_t self:unix_stream_socket connectto; allow spamc_t self:tcp_socket create_stream_socket_perms; allow spamc_t self:udp_socket create_socket_perms; 
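Review bot: The added `corenet_udp_bind_generic_port(spamassassin_t)` in the inner hunk at `@@ -150,6 +191,8 @@` has no comment, and the commit subject ("Allow modemmanager sys_admin") does not mention it, so this grant to spamassassin_t will be hard to audit later. Combined with the `corenet_udp_bind_generic_node(spamassassin_t)` line above it, the domain can bind UDP sockets on any port carrying the generic port label rather than on one named port type. If the reason is resolver source ports for DNS lookups (an assumption, since no AVC denial is shown), record it above the rule, e.g. `# bind unreserved UDP source ports for DNS lookups`, and mention spamassassin in the changelog entry. The enclosing block opens outside this hunk, so it cannot be confirmed from here whether the rule sits under a tunable that limits when it applies.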
@@ -22759,7 +22760,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_all_recvfrom_unlabeled(spamc_t) corenet_all_recvfrom_netlabel(spamc_t) -@@ -246,9 +307,16 @@ +@@ -246,9 +308,16 @@ files_dontaudit_search_var(spamc_t) # cjp: this may be removable: files_list_home(spamc_t) @@ -22776,7 +22777,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol miscfiles_read_localization(spamc_t) # cjp: this should probably be removed: -@@ -256,27 +324,40 @@ +@@ -256,27 +325,40 @@ sysnet_read_config(spamc_t) @@ -22823,7 +22824,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -288,7 +369,7 @@ +@@ -288,7 +370,7 @@ # setuids to the user running spamc. Comment this if you are not # using this ability. @@ -22832,7 +22833,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol dontaudit spamd_t self:capability sys_tty_config; allow spamd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow spamd_t self:fd use; -@@ -304,10 +385,17 @@ +@@ -304,10 +386,17 @@ allow spamd_t self:unix_stream_socket connectto; allow spamd_t self:tcp_socket create_stream_socket_perms; allow spamd_t self:udp_socket create_socket_perms; @@ -22851,7 +22852,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_spool_filetrans(spamd_t, spamd_spool_t, { file dir }) manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t) -@@ -316,10 +404,12 @@ +@@ -316,10 +405,12 @@ # var/lib files for spamd allow spamd_t spamd_var_lib_t:dir list_dir_perms; @@ -22865,7 +22866,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_pid_filetrans(spamd_t, spamd_var_run_t, { dir file }) kernel_read_all_sysctls(spamd_t) -@@ -369,22 +459,27 @@ +@@ -369,22 +460,27 @@ init_dontaudit_rw_utmp(spamd_t) 
@@ -22897,7 +22898,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_manage_cifs_files(spamd_t) ') -@@ -402,23 +497,16 @@ +@@ -402,23 +498,16 @@ optional_policy(` dcc_domtrans_client(spamd_t) @@ -22922,7 +22923,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol postfix_read_config(spamd_t) ') -@@ -433,6 +521,10 @@ +@@ -433,6 +522,10 @@ optional_policy(` razor_domtrans(spamd_t) @@ -22933,7 +22934,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -445,5 +537,9 @@ +@@ -445,5 +538,9 @@ ') optional_policy(`