Christopher J. PeBenito wrote:
> On Thu, 2007-04-19 at 11:08 -0400, Daniel J Walsh wrote:
>
>> Added httpd_squid_script_t
>>
>> squid_conf_t can be a directory
>> Squid also needs additional ports to communicate with
>>
>> dovecot and snmp try to read squid files. (Snuck in a couple of other
>> fixes for dovecot and snmp)
>>
>
> Merged except for the apache template, plus:
>
>
>> +interface(`squid_dontaudit_search_squid_cache',`
>> + gen_require(`
>> + type squid_cache_t;
>> + ')
>> +
>> + dontaudit $1 squid_cache_t:dir search_dir_perms;
>> +')
>>
>
> Dropped the second squid in the name.
>
>
>> --- nsaserefpolicy/policy/modules/services/snmp.te 2007-03-26 10:39:04.000000000 -0400
>> +++ serefpolicy-2.5.12/policy/modules/services/snmp.te 2007-04-11 17:07:34.000000000 -0400
>> @@ -134,6 +134,11 @@
>> ')
>>
>> optional_policy(`
>> + mta_read_config(snmpd_t)
>> + mta_search_queue(snmpd_t)
>> +')
>>
>
> The second interface is missing.
>
>
>> optional_policy(`
>> + sendmail_read_log(snmpd_t)
>> +')
>>
>
> This one is missing too.
>
>

Ok here is an updated patch with the missing interfaces.

snmp is trying to execute sys_module, we are dontauditing
Switched from using nis_use_ypbind to nsswitch, since snmp is using nsswitch
Also sneaking in a fix for manage sendmail_log_t.
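
Review bot: The quoted squid interface hunk adds the dontaudit rule on squid_cache_t:dir without the "## <summary>" and "## <param name="domain">" header that refpolicy interfaces carry in front of the interface() line. If that header is not elsewhere in the patch, add one that says the rule silences search denials on the squid cache directory rather than granting access, so a caller does not read it as an allow.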
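
Review bot: The snmp.te hunk gives snmpd_t mta_read_config, mta_search_queue and sendmail_read_log, while the patch description only mentions snmp trying to read squid files, so the reason for the mail-related access is not recorded. Put the AVC denials that motivated these three calls in the commit message or in a comment above each optional_policy block, so the grants can be checked against what snmpd actually needs.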