rpm/selinux-policy
SHA256
1
0
Fork 0
forked from pool/selinux-policy
Code Pull Requests Activity
69818d8fec
selinux-policy/fix_sendmail.patch
Johannes Segitz 48d925e070 Accepting request 1042948 from home:jsegitz:branches:security:SELinux 
- Add fix_sendmail.patch 
  * fix context of custom sendmail startup helper
  * fix context of /var/run/sendmail and add necessary rules to manage
    content in there

OBS-URL: https://build.opensuse.org/request/show/1042948
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=163
2022-12-14 15:43:48 +00:00

33 lines
1.8 KiB
Diff
Raw Blame History

Index: fedora-policy-20221019/policy/modules/contrib/sendmail.fc
===================================================================
--- fedora-policy-20221019.orig/policy/modules/contrib/sendmail.fc
+++ fedora-policy-20221019/policy/modules/contrib/sendmail.fc
@@ -1,8 +1,9 @@
/etc/rc\.d/init\.d/sendmail -- gen_context(system_u:object_r:sendmail_initrc_exec_t,s0)
+/etc/mail/system/sm-client.pre -- gen_context(system_u:object_r:sendmail_initrc_exec_t,s0)
/var/log/sendmail\.st.* -- gen_context(system_u:object_r:sendmail_log_t,s0)
/var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0)
-/var/run/sendmail\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0)
+/var/run/sendmail(/.*)? gen_context(system_u:object_r:sendmail_var_run_t,s0)
/var/run/sm-client\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0)
Index: fedora-policy-20221019/policy/modules/contrib/sendmail.te
===================================================================
--- fedora-policy-20221019.orig/policy/modules/contrib/sendmail.te
+++ fedora-policy-20221019/policy/modules/contrib/sendmail.te
@@ -60,8 +60,10 @@ manage_dirs_pattern(sendmail_t, sendmail
manage_files_pattern(sendmail_t, sendmail_tmp_t, sendmail_tmp_t)
files_tmp_filetrans(sendmail_t, sendmail_tmp_t, { file dir })
-allow sendmail_t sendmail_var_run_t:file manage_file_perms;
-files_pid_filetrans(sendmail_t, sendmail_var_run_t, file)
+manage_dirs_pattern(sendmail_t, sendmail_var_run_t, sendmail_var_run_t)
+manage_files_pattern(sendmail_t, sendmail_var_run_t, sendmail_var_run_t)
+manage_sock_files_pattern(sendmail_t, sendmail_var_run_t, sendmail_var_run_t)
+files_pid_filetrans(sendmail_t, sendmail_var_run_t, { file dir })
kernel_read_network_state(sendmail_t)
kernel_read_kernel_sysctls(sendmail_t)
View Git Blame Copy Permalink