* [refpolicy] [PATCH 1/6] ifplugd: Allow transition to init scripts
@ 2018-04-12 11:38 Jason Zaman
  2018-04-12 11:38 ` [refpolicy] [PATCH 2/6] Fix /run/samba context generated by samba init script Jason Zaman
                   ` (5 more replies)
  0 siblings, 6 replies; 12+ messages in thread
From: Jason Zaman @ 2018-04-12 11:38 UTC (permalink / raw)
  To: refpolicy

---
 ifplugd.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ifplugd.te b/ifplugd.te
index 9267c1b..78bcd14 100644
--- a/ifplugd.te
+++ b/ifplugd.te
@@ -53,6 +53,8 @@ domain_dontaudit_read_all_domains_state(ifplugd_t)
 
 auth_use_nsswitch(ifplugd_t)
 
+init_domtrans_script(ifplugd_t)
+
 logging_send_syslog_msg(ifplugd_t)
 
 miscfiles_read_localization(ifplugd_t)
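Review bot: The added `init_domtrans_script(ifplugd_t)` lets ifplugd enter the generic init-script domain, which is among the most broadly privileged in the policy. Neither a comment nor a commit body says which script it needs to run. If only particular service scripts are involved, a labeled-script transition such as `init_labeled_script_domtrans(ifplugd_t, <script_type>)` (placeholder type) would keep the grant narrow. Failing that, I would add a line above the call, for example `# ifplugd action script (re)starts network init scripts`, with the wording confirmed by the author.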
-- 
2.16.1


* [refpolicy] [PATCH 2/6] Fix /run/samba context generated by samba init script
  2018-04-12 11:38 [refpolicy] [PATCH 1/6] ifplugd: Allow transition to init scripts Jason Zaman
@ 2018-04-12 11:38 ` Jason Zaman
  2018-04-12 23:07   ` Chris PeBenito
  2018-04-12 11:38 ` [refpolicy] [PATCH 3/6] gnome: add fcontext gconf_tmp_t for /run/user/%{USERID}/dconf Jason Zaman
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 12+ messages in thread
From: Jason Zaman @ 2018-04-12 11:38 UTC (permalink / raw)
  To: refpolicy

From: Scall <scall@prosemail.net>

---
 samba.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samba.te b/samba.te
index f6042e7..4357fe5 100644
--- a/samba.te
+++ b/samba.te
@@ -114,7 +114,7 @@ init_daemon_domain(nmbd_t, nmbd_exec_t)
 
 type samba_var_run_t;
 typealias samba_var_run_t alias { nmbd_var_run_t smbd_var_run_t };
-files_pid_file(samba_var_run_t)
+init_daemon_pid_file(samba_var_run_t, dir, "samba")
 
 type samba_etc_t;
 files_config_file(samba_etc_t)
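Review bot: The new `init_daemon_pid_file(samba_var_run_t, dir, "samba")` is a named transition, so it covers only a directory called `samba` created by the init script. Anything the script creates under a different name, or as a plain file, would presumably still get the parent's label. The patch has no description, so a comment such as `# init script creates /run/samba` above the line would record why `files_pid_file()` alone was not enough. It is also worth confirming that samba.fc has a matching entry for that directory so a relabel agrees with the transition; that file is not part of this patch.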
-- 
2.16.1


* [refpolicy] [PATCH 3/6] gnome: add fcontext gconf_tmp_t for /run/user/%{USERID}/dconf
  2018-04-12 11:38 [refpolicy] [PATCH 1/6] ifplugd: Allow transition to init scripts Jason Zaman
  2018-04-12 11:38 ` [refpolicy] [PATCH 2/6] Fix /run/samba context generated by samba init script Jason Zaman
@ 2018-04-12 11:38 ` Jason Zaman
  2018-04-12 23:07   ` Chris PeBenito
  2018-04-12 11:38 ` [refpolicy] [PATCH 4/6] mozilla: allow map usr, home, tmp files Jason Zaman
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 12+ messages in thread
From: Jason Zaman @ 2018-04-12 11:38 UTC (permalink / raw)
  To: refpolicy

---
 gnome.fc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gnome.fc b/gnome.fc
index 744ff68..14f78b3 100644
--- a/gnome.fc
+++ b/gnome.fc
@@ -20,3 +20,4 @@ HOME_DIR/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 /run/user/%{USERID}/keyring(/.*)?		gen_context(system_u:object_r:gnome_keyring_tmp_t,s0)
 /run/user/[^/]*/orcexec\..*	--	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
 /run/user/%{USERID}/orcexec\..*	--	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
+/run/user/%{USERID}/dconf(/.*)?		gen_context(system_u:object_r:gconf_tmp_t,s0)
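Review bot: The added `/run/user/%{USERID}/dconf(/.*)?` entry only takes effect when something relabels the path. The per-user runtime directory is typically recreated each session, so without a matching type transition in gnome.te the dconf directory would be created with the parent's type rather than `gconf_tmp_t`. No such rule is in this patch; it may already exist elsewhere. The orcexec lines just above come as a `[^/]*` / `%{USERID}` pair, so if that pairing is the file's convention the dconf entry is missing its `[^/]*` counterpart.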
-- 
2.16.1


* [refpolicy] [PATCH 4/6] mozilla: allow map usr, home, tmp files
  2018-04-12 11:38 [refpolicy] [PATCH 1/6] ifplugd: Allow transition to init scripts Jason Zaman
  2018-04-12 11:38 ` [refpolicy] [PATCH 2/6] Fix /run/samba context generated by samba init script Jason Zaman
  2018-04-12 11:38 ` [refpolicy] [PATCH 3/6] gnome: add fcontext gconf_tmp_t for /run/user/%{USERID}/dconf Jason Zaman
@ 2018-04-12 11:38 ` Jason Zaman
  2018-04-12 23:08   ` Chris PeBenito
  2018-04-12 11:38 ` [refpolicy] [PATCH 5/6] mta: Add msmtp fcontexts and allow ssl certs Jason Zaman
                   ` (2 subsequent siblings)
  5 siblings, 1 reply; 12+ messages in thread
From: Jason Zaman @ 2018-04-12 11:38 UTC (permalink / raw)
  To: refpolicy

---
 mozilla.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mozilla.te b/mozilla.te
index bc45d50..08496b6 100644
--- a/mozilla.te
+++ b/mozilla.te
@@ -108,6 +108,7 @@ manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
 manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
 manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
 fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
+allow mozilla_t mozilla_plugin_tmpfs_t:file map;
 
 allow mozilla_t mozilla_plugin_rw_t:dir list_dir_perms;
 allow mozilla_t mozilla_plugin_rw_t:file read_file_perms;
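Review bot: The bare `allow mozilla_t mozilla_plugin_tmpfs_t:file map;` is added at the end of the `mozilla_tmpfs_t` block, although it targets the plugin's tmpfs type. It has no comment, and the same applies to `allow mozilla_plugin_t mozilla_home_t:file map;` in the next hunk. The `map` permission exists so policy can keep certain files from being memory-mapped, because access through a mapping is not rechecked after the mmap call. Each new grant therefore deserves a short statement of what needs it, e.g. `# shared memory segments created by the plugin process`, to be confirmed by the author. Neither hunk shows the read or write rule the mapping depends on, so check that one exists for the same source/target pair.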
@@ -347,6 +348,7 @@ allow mozilla_plugin_t mozilla_t:sem create_sem_perms;
 manage_dirs_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
 manage_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
 manage_lnk_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
+allow mozilla_plugin_t mozilla_home_t:file map;
 
 userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".galeon")
 userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".mozilla")
@@ -370,6 +372,8 @@ manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin
 files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
 userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
 
+allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms;
+
 manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
 manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
 manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
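Review bot: The added `allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms;` grants read/write, not `map`, so it does more than the subject line ("allow map usr, home, tmp files") describes. It lets the plugin domain read and modify temporary files owned by the main browser domain, which weakens the separation between `mozilla_plugin_t` and `mozilla_t`. If the intent was only to map files the plugin already receives as open descriptors, a narrower rule would fit; if rw is really required, a comment naming the denial that prompted it would help later audits.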
@@ -479,6 +483,7 @@ files_exec_usr_files(mozilla_plugin_t)
 files_list_mnt(mozilla_plugin_t)
 files_read_config_files(mozilla_plugin_t)
 files_read_usr_files(mozilla_plugin_t)
+files_map_usr_files(mozilla_plugin_t)
 
 fs_getattr_all_fs(mozilla_plugin_t)
 # fs_read_hugetlbfs_files(mozilla_plugin_t)
-- 
2.16.1


* [refpolicy] [PATCH 5/6] mta: Add msmtp fcontexts and allow ssl certs
  2018-04-12 11:38 [refpolicy] [PATCH 1/6] ifplugd: Allow transition to init scripts Jason Zaman
                   ` (2 preceding siblings ...)
  2018-04-12 11:38 ` [refpolicy] [PATCH 4/6] mozilla: allow map usr, home, tmp files Jason Zaman
@ 2018-04-12 11:38 ` Jason Zaman
  2018-04-12 23:08   ` Chris PeBenito
  2018-04-12 11:38 ` [refpolicy] [PATCH 6/6] virt: Add netlink socket and filetrans Jason Zaman
  2018-04-12 23:07 ` [refpolicy] [PATCH 1/6] ifplugd: Allow transition to init scripts Chris PeBenito
  5 siblings, 1 reply; 12+ messages in thread
From: Jason Zaman @ 2018-04-12 11:38 UTC (permalink / raw)
  To: refpolicy

---
 mta.fc | 3 +++
 mta.te | 1 +
 2 files changed, 4 insertions(+)

diff --git a/mta.fc b/mta.fc
index ace4a1f..66634b0 100644
--- a/mta.fc
+++ b/mta.fc
@@ -2,6 +2,7 @@ HOME_DIR/\.esmtp_queue	--	gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/\.forward[^/]*	--	gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/dead\.letter	--	gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/\.mailrc	--	gen_context(system_u:object_r:mail_home_t,s0)
+HOME_DIR/\.msmtprc	--	gen_context(system_u:object_r:mail_home_t,s0)
 HOME_DIR/Maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
 HOME_DIR/DovecotMail(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
 HOME_DIR/\.maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
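Review bot: The new `HOME_DIR/\.msmtprc` entry puts a file that commonly holds SMTP account passwords under `mail_home_t`, the same type as `.forward` and `.mailrc`. Every domain allowed to read `mail_home_t` would then be able to read those credentials. The `/etc/msmtprc` entry in the second hunk raises the same question for `etc_mail_t`. Before relying on these labels I would check which domains can read the two types, or consider a dedicated type for the msmtp configuration if that set is wide.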
@@ -10,10 +11,12 @@ HOME_DIR/\.maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
 /etc/aliases\.db	--	gen_context(system_u:object_r:etc_aliases_t,s0)
 /etc/mail(/.*)?	gen_context(system_u:object_r:etc_mail_t,s0)
 /etc/mail/aliases.*	--	gen_context(system_u:object_r:etc_aliases_t,s0)
+/etc/msmtprc		--	gen_context(system_u:object_r:etc_mail_t,s0)
 /etc/postfix/aliases.*	--	gen_context(system_u:object_r:etc_aliases_t,s0)
 
 /usr/bin/esmtp	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/mail(x)?	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
+/usr/bin/msmtp	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/rmail	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/sendmail\.postfix	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 /usr/bin/sendmail(\.sendmail)?	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
diff --git a/mta.te b/mta.te
index 6320c52..b02ee2b 100644
--- a/mta.te
+++ b/mta.te
@@ -109,6 +109,7 @@ init_dontaudit_rw_utmp(user_mail_domain)
 
 logging_send_syslog_msg(user_mail_domain)
 
+miscfiles_read_all_certs(user_mail_domain)
 miscfiles_read_localization(user_mail_domain)
 
 tunable_policy(`use_samba_home_dirs',`
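Review bot: The added `miscfiles_read_all_certs(user_mail_domain)` is applied to the whole `user_mail_domain` attribute, so every user mail domain gains it, not just msmtp. The "all certs" interface also covers every certificate type rather than only the generic trust store. If msmtp merely needs to validate the server certificate against system CAs, `miscfiles_read_generic_certs(user_mail_domain)` may be enough. A comment such as `# msmtp verifies TLS server certificates` would document the reason either way. The `tunable_policy` block that follows continues outside the hunk.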
-- 
2.16.1


* [refpolicy] [PATCH 6/6] virt: Add netlink socket and filetrans
  2018-04-12 11:38 [refpolicy] [PATCH 1/6] ifplugd: Allow transition to init scripts Jason Zaman
                   ` (3 preceding siblings ...)
  2018-04-12 11:38 ` [refpolicy] [PATCH 5/6] mta: Add msmtp fcontexts and allow ssl certs Jason Zaman
@ 2018-04-12 11:38 ` Jason Zaman
  2018-04-12 23:08   ` Chris PeBenito
  2018-04-12 23:07 ` [refpolicy] [PATCH 1/6] ifplugd: Allow transition to init scripts Chris PeBenito
  5 siblings, 1 reply; 12+ messages in thread
From: Jason Zaman @ 2018-04-12 11:38 UTC (permalink / raw)
  To: refpolicy

---
 virt.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/virt.te b/virt.te
index 0907fd8..a20bfa3 100644
--- a/virt.te
+++ b/virt.te
@@ -471,6 +471,7 @@ allow virtd_t self:tcp_socket { accept listen };
 allow virtd_t self:tun_socket { create_socket_perms relabelfrom relabelto };
 allow virtd_t self:rawip_socket create_socket_perms;
 allow virtd_t self:packet_socket create_socket_perms;
+allow virtd_t self:netlink_generic_socket create_socket_perms;
 allow virtd_t self:netlink_kobject_uevent_socket create_socket_perms;
 allow virtd_t self:netlink_route_socket nlmsg_write;
 
@@ -489,6 +490,7 @@ domtrans_pattern(virtd_t, virtd_lxc_exec_t, virtd_lxc_t)
 
 manage_dirs_pattern(virtd_t, virt_cache_t, virt_cache_t)
 manage_files_pattern(virtd_t, virt_cache_t, virt_cache_t)
+files_var_filetrans(virtd_t, virt_cache_t, { file dir })
 
 manage_dirs_pattern(virtd_t, virt_content_t, virt_content_t)
 manage_files_pattern(virtd_t, virt_content_t, virt_content_t)
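Review bot: The added `files_var_filetrans(virtd_t, virt_cache_t, { file dir })` is an unnamed transition, so every file or directory virtd creates directly in a generically labelled /var directory becomes `virt_cache_t`, whatever it actually is. The interface accepts an optional object name, so restricting it to the cache directory, e.g. `files_var_filetrans(virtd_t, virt_cache_t, dir, "<cache-dir-name>")` (placeholder name), would avoid mislabelling unrelated objects. It would also avoid clashing with any other unnamed /var transition for `virtd_t`. The netlink rule in the first hunk and this one both lack a comment naming the libvirt feature that needs them.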
-- 
2.16.1


* [refpolicy] [PATCH 1/6] ifplugd: Allow transition to init scripts
  2018-04-12 11:38 [refpolicy] [PATCH 1/6] ifplugd: Allow transition to init scripts Jason Zaman
                   ` (4 preceding siblings ...)
  2018-04-12 11:38 ` [refpolicy] [PATCH 6/6] virt: Add netlink socket and filetrans Jason Zaman
@ 2018-04-12 23:07 ` Chris PeBenito
  5 siblings, 0 replies; 12+ messages in thread
From: Chris PeBenito @ 2018-04-12 23:07 UTC (permalink / raw)
  To: refpolicy

On 04/12/2018 07:38 AM, Jason Zaman wrote:
> ---
>   ifplugd.te | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/ifplugd.te b/ifplugd.te
> index 9267c1b..78bcd14 100644
> --- a/ifplugd.te
> +++ b/ifplugd.te
> @@ -53,6 +53,8 @@ domain_dontaudit_read_all_domains_state(ifplugd_t)
>   
>   auth_use_nsswitch(ifplugd_t)
>   
> +init_domtrans_script(ifplugd_t)
> +
>   logging_send_syslog_msg(ifplugd_t)
>   
>   miscfiles_read_localization(ifplugd_t)

Merged.

-- 
Chris PeBenito


* [refpolicy] [PATCH 2/6] Fix /run/samba context generated by samba init script
  2018-04-12 11:38 ` [refpolicy] [PATCH 2/6] Fix /run/samba context generated by samba init script Jason Zaman
@ 2018-04-12 23:07   ` Chris PeBenito
  0 siblings, 0 replies; 12+ messages in thread
From: Chris PeBenito @ 2018-04-12 23:07 UTC (permalink / raw)
  To: refpolicy

On 04/12/2018 07:38 AM, Jason Zaman wrote:
> From: Scall <scall@prosemail.net>
> 
> ---
>   samba.te | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/samba.te b/samba.te
> index f6042e7..4357fe5 100644
> --- a/samba.te
> +++ b/samba.te
> @@ -114,7 +114,7 @@ init_daemon_domain(nmbd_t, nmbd_exec_t)
>   
>   type samba_var_run_t;
>   typealias samba_var_run_t alias { nmbd_var_run_t smbd_var_run_t };
> -files_pid_file(samba_var_run_t)
> +init_daemon_pid_file(samba_var_run_t, dir, "samba")
>   
>   type samba_etc_t;
>   files_config_file(samba_etc_t)

Merged.

-- 
Chris PeBenito


* [refpolicy] [PATCH 3/6] gnome: add fcontext gconf_tmp_t for /run/user/%{USERID}/dconf
  2018-04-12 11:38 ` [refpolicy] [PATCH 3/6] gnome: add fcontext gconf_tmp_t for /run/user/%{USERID}/dconf Jason Zaman
@ 2018-04-12 23:07   ` Chris PeBenito
  0 siblings, 0 replies; 12+ messages in thread
From: Chris PeBenito @ 2018-04-12 23:07 UTC (permalink / raw)
  To: refpolicy

On 04/12/2018 07:38 AM, Jason Zaman wrote:
> ---
>   gnome.fc | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/gnome.fc b/gnome.fc
> index 744ff68..14f78b3 100644
> --- a/gnome.fc
> +++ b/gnome.fc
> @@ -20,3 +20,4 @@ HOME_DIR/orcexec\..*	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
>   /run/user/%{USERID}/keyring(/.*)?		gen_context(system_u:object_r:gnome_keyring_tmp_t,s0)
>   /run/user/[^/]*/orcexec\..*	--	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
>   /run/user/%{USERID}/orcexec\..*	--	gen_context(system_u:object_r:gstreamer_orcexec_t,s0)
> +/run/user/%{USERID}/dconf(/.*)?		gen_context(system_u:object_r:gconf_tmp_t,s0)

Merged.

-- 
Chris PeBenito


* [refpolicy] [PATCH 4/6] mozilla: allow map usr, home, tmp files
  2018-04-12 11:38 ` [refpolicy] [PATCH 4/6] mozilla: allow map usr, home, tmp files Jason Zaman
@ 2018-04-12 23:08   ` Chris PeBenito
  0 siblings, 0 replies; 12+ messages in thread
From: Chris PeBenito @ 2018-04-12 23:08 UTC (permalink / raw)
  To: refpolicy

On 04/12/2018 07:38 AM, Jason Zaman wrote:
> ---
>   mozilla.te | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/mozilla.te b/mozilla.te
> index bc45d50..08496b6 100644
> --- a/mozilla.te
> +++ b/mozilla.te
> @@ -108,6 +108,7 @@ manage_lnk_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
>   manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
>   manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
>   fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
> +allow mozilla_t mozilla_plugin_tmpfs_t:file map;
>   
>   allow mozilla_t mozilla_plugin_rw_t:dir list_dir_perms;
>   allow mozilla_t mozilla_plugin_rw_t:file read_file_perms;
> @@ -347,6 +348,7 @@ allow mozilla_plugin_t mozilla_t:sem create_sem_perms;
>   manage_dirs_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, { mozilla_home_t mozilla_plugin_home_t })
>   manage_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
>   manage_lnk_files_pattern(mozilla_plugin_t, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
> +allow mozilla_plugin_t mozilla_home_t:file map;
>   
>   userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".galeon")
>   userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, dir, ".mozilla")
> @@ -370,6 +372,8 @@ manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin
>   files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
>   userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file })
>   
> +allow mozilla_plugin_t mozilla_tmp_t:file rw_file_perms;
> +
>   manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
>   manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
>   manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
> @@ -479,6 +483,7 @@ files_exec_usr_files(mozilla_plugin_t)
>   files_list_mnt(mozilla_plugin_t)
>   files_read_config_files(mozilla_plugin_t)
>   files_read_usr_files(mozilla_plugin_t)
> +files_map_usr_files(mozilla_plugin_t)
>   
>   fs_getattr_all_fs(mozilla_plugin_t)
>   # fs_read_hugetlbfs_files(mozilla_plugin_t)

Merged.

-- 
Chris PeBenito


* [refpolicy] [PATCH 5/6] mta: Add msmtp fcontexts and allow ssl certs
  2018-04-12 11:38 ` [refpolicy] [PATCH 5/6] mta: Add msmtp fcontexts and allow ssl certs Jason Zaman
@ 2018-04-12 23:08   ` Chris PeBenito
  0 siblings, 0 replies; 12+ messages in thread
From: Chris PeBenito @ 2018-04-12 23:08 UTC (permalink / raw)
  To: refpolicy

On 04/12/2018 07:38 AM, Jason Zaman wrote:
> ---
>   mta.fc | 3 +++
>   mta.te | 1 +
>   2 files changed, 4 insertions(+)
> 
> diff --git a/mta.fc b/mta.fc
> index ace4a1f..66634b0 100644
> --- a/mta.fc
> +++ b/mta.fc
> @@ -2,6 +2,7 @@ HOME_DIR/\.esmtp_queue	--	gen_context(system_u:object_r:mail_home_t,s0)
>   HOME_DIR/\.forward[^/]*	--	gen_context(system_u:object_r:mail_home_t,s0)
>   HOME_DIR/dead\.letter	--	gen_context(system_u:object_r:mail_home_t,s0)
>   HOME_DIR/\.mailrc	--	gen_context(system_u:object_r:mail_home_t,s0)
> +HOME_DIR/\.msmtprc	--	gen_context(system_u:object_r:mail_home_t,s0)
>   HOME_DIR/Maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
>   HOME_DIR/DovecotMail(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
>   HOME_DIR/\.maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
> @@ -10,10 +11,12 @@ HOME_DIR/\.maildir(/.*)?	gen_context(system_u:object_r:mail_home_rw_t,s0)
>   /etc/aliases\.db	--	gen_context(system_u:object_r:etc_aliases_t,s0)
>   /etc/mail(/.*)?	gen_context(system_u:object_r:etc_mail_t,s0)
>   /etc/mail/aliases.*	--	gen_context(system_u:object_r:etc_aliases_t,s0)
> +/etc/msmtprc		--	gen_context(system_u:object_r:etc_mail_t,s0)
>   /etc/postfix/aliases.*	--	gen_context(system_u:object_r:etc_aliases_t,s0)
>   
>   /usr/bin/esmtp	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
>   /usr/bin/mail(x)?	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
> +/usr/bin/msmtp	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
>   /usr/bin/rmail	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
>   /usr/bin/sendmail\.postfix	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
>   /usr/bin/sendmail(\.sendmail)?	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
> diff --git a/mta.te b/mta.te
> index 6320c52..b02ee2b 100644
> --- a/mta.te
> +++ b/mta.te
> @@ -109,6 +109,7 @@ init_dontaudit_rw_utmp(user_mail_domain)
>   
>   logging_send_syslog_msg(user_mail_domain)
>   
> +miscfiles_read_all_certs(user_mail_domain)
>   miscfiles_read_localization(user_mail_domain)
>   
>   tunable_policy(`use_samba_home_dirs',`

Merged.

-- 
Chris PeBenito


* [refpolicy] [PATCH 6/6] virt: Add netlink socket and filetrans
  2018-04-12 11:38 ` [refpolicy] [PATCH 6/6] virt: Add netlink socket and filetrans Jason Zaman
@ 2018-04-12 23:08   ` Chris PeBenito
  0 siblings, 0 replies; 12+ messages in thread
From: Chris PeBenito @ 2018-04-12 23:08 UTC (permalink / raw)
  To: refpolicy

On 04/12/2018 07:38 AM, Jason Zaman wrote:
> ---
>   virt.te | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/virt.te b/virt.te
> index 0907fd8..a20bfa3 100644
> --- a/virt.te
> +++ b/virt.te
> @@ -471,6 +471,7 @@ allow virtd_t self:tcp_socket { accept listen };
>   allow virtd_t self:tun_socket { create_socket_perms relabelfrom relabelto };
>   allow virtd_t self:rawip_socket create_socket_perms;
>   allow virtd_t self:packet_socket create_socket_perms;
> +allow virtd_t self:netlink_generic_socket create_socket_perms;
>   allow virtd_t self:netlink_kobject_uevent_socket create_socket_perms;
>   allow virtd_t self:netlink_route_socket nlmsg_write;
>   
> @@ -489,6 +490,7 @@ domtrans_pattern(virtd_t, virtd_lxc_exec_t, virtd_lxc_t)
>   
>   manage_dirs_pattern(virtd_t, virt_cache_t, virt_cache_t)
>   manage_files_pattern(virtd_t, virt_cache_t, virt_cache_t)
> +files_var_filetrans(virtd_t, virt_cache_t, { file dir })
>   
>   manage_dirs_pattern(virtd_t, virt_content_t, virt_content_t)
>   manage_files_pattern(virtd_t, virt_content_t, virt_content_t)

Merged.

-- 
Chris PeBenito

