* [refpolicy] services_cyrus.patch
  2008-10-09 18:09 ` Christopher J. PeBenito
@ 2008-10-10 20:32   ` Daniel J Walsh
  2008-10-13 15:10     ` Christopher J. PeBenito
  0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2008-10-10 20:32 UTC (permalink / raw)
  To: refpolicy

Add _admin support and kerberos_keytab.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: services_cyrus.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20081010/447a5dfc/attachment.pl 


* [refpolicy] services_cyrus.patch
  2008-10-10 20:32   ` [refpolicy] services_cyrus.patch Daniel J Walsh
@ 2008-10-13 15:10     ` Christopher J. PeBenito
  0 siblings, 0 replies; 6+ messages in thread
From: Christopher J. PeBenito @ 2008-10-13 15:10 UTC (permalink / raw)
  To: refpolicy

On Fri, 2008-10-10 at 16:32 -0400, Daniel J Walsh wrote:
> 
> Add _admin support and kerberos_keytab.

Merged.

> plain text document attachment (services_cyrus.patch)
> 
> --- nsaserefpolicy/policy/modules/services/cyrus.fc     2008-08-07 11:15:11.000000000 -0400
> +++ serefpolicy-3.5.12/policy/modules/services/cyrus.fc 2008-10-10 16:08:15.000000000 -0400
> @@ -1,3 +1,4 @@
> +/etc/rc\.d/init\.d/cyrus       --      gen_context(system_u:object_r:cyrus_initrc_exec_t,s0)
>  
>  /usr/lib(64)?/cyrus-imapd/cyrus-master --      gen_context(system_u:object_r:cyrus_exec_t,s0)
>  
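
Review bot: The new cyrus.fc entry matches only the exact path `/etc/rc\.d/init\.d/cyrus`, so an init script installed under a longer name (the daemon directory two lines below is `cyrus-imapd`) would keep its default label and `cyrus_initrc_exec_t` would never apply to it. Confirm the script name on the target distribution, or widen the pattern to cover it.
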
> --- nsaserefpolicy/policy/modules/services/cyrus.if     2008-08-07 11:15:11.000000000 -0400
> +++ serefpolicy-3.5.12/policy/modules/services/cyrus.if 2008-10-10 16:08:15.000000000 -0400
> @@ -39,3 +39,47 @@
>         files_search_var_lib($1)
>         stream_connect_pattern($1, cyrus_var_lib_t, cyrus_var_lib_t, cyrus_t)
>  ')
> +
> +########################################
> +## <summary>
> +##     All of the rules required to administrate 
> +##     an cyrus environment
> +## </summary>
> +## <param name="domain">
> +##     <summary>
> +##     Domain allowed access.
> +##     </summary>
> +## </param>
> +## <param name="role">
> +##     <summary>
> +##     The role to be allowed to manage the cyrus domain.
> +##     </summary>
> +## </param>
> +## <rolecap/>
> +#
> +interface(`cyrus_admin',`
> +       gen_require(`
> +               type cyrus_t, cyrus_tmp_t, cyrus_var_lib_t;
> +               type cyrus_var_run_t;
> +               type cyrus_initrc_exec_t;
> +       ')
> +
> +       allow $1 cyrus_t:process { ptrace signal_perms };
> +       ps_process_pattern($1, cyrus_t)
> +               
> +       init_labeled_script_domtrans($1, cyrus_initrc_exec_t)
> +       domain_system_change_exemption($1)
> +       role_transition $2 cyrus_initrc_exec_t system_r;
> +       allow $2 system_r;
> +
> +       files_list_tmp($1)
> +       admin_pattern($1, cyrus_tmp_t)
> +
> +       files_list_var_lib($1)
> +       admin_pattern($1, cyrus_var_lib_t)
> +
> +       files_list_pids($1)
> +       admin_pattern($1, cyrus_var_run_t)
> +')
> +
> +
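
Review bot: In `cyrus_admin`, `allow $1 cyrus_t:process { ptrace signal_perms };` gives every caller of the interface ptrace on the daemon, which allows reading and altering its memory and goes well beyond what the signalling, init script and file management rules below it need. Consider dropping `ptrace` here, or state in the summary why administration requires it. Smaller points: the summary reads "an cyrus environment" (should be "a cyrus environment"), the line after `ps_process_pattern($1, cyrus_t)` contains only whitespace, and the hunk ends with two empty added lines.
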
> --- nsaserefpolicy/policy/modules/services/cyrus.te     2008-08-07 11:15:11.000000000 -0400
> +++ serefpolicy-3.5.12/policy/modules/services/cyrus.te 2008-10-10 16:08:15.000000000 -0400
> @@ -10,6 +10,9 @@
>  type cyrus_exec_t;
>  init_daemon_domain(cyrus_t, cyrus_exec_t)
>  
> +type cyrus_initrc_exec_t;
> +init_script_file(cyrus_initrc_exec_t)
> +
>  type cyrus_tmp_t;
>  files_tmp_file(cyrus_tmp_t)
>  
> @@ -120,7 +123,7 @@
>  ')
>  
>  optional_policy(`
> -       kerberos_use(cyrus_t)
> +       kerberos_keytab_template(cyrus, cyrus_t)
>  ')
>  
>  optional_policy(`
> 
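
Review bot: The `-kerberos_use(cyrus_t)` / `+kerberos_keytab_template(cyrus, cyrus_t)` swap in the last cyrus.te hunk removes the existing Kerberos client access rather than adding to it, while the description speaks of adding kerberos_keytab. Nothing in this patch shows that the template grants what `kerberos_use` did, so either confirm that it does and say so in the description, or keep `kerberos_use(cyrus_t)` alongside the new call.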


-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


* [refpolicy] services_cyrus.patch
@ 2009-11-12 21:23 Daniel J Walsh
  2010-01-07 16:52 ` Christopher J. PeBenito
  0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:23 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_cyrus.patch

cyrus stream connects to snmp


* [refpolicy] services_cyrus.patch
  2009-11-12 21:23 Daniel J Walsh
@ 2010-01-07 16:52 ` Christopher J. PeBenito
  0 siblings, 0 replies; 6+ messages in thread
From: Christopher J. PeBenito @ 2010-01-07 16:52 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-11-12 at 16:23 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_cyrus.patch
> 
> cyrus stream connects to snmp

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


* [refpolicy] services_cyrus.patch
@ 2010-02-23 20:05 Daniel J Walsh
  0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2010-02-23 20:05 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_cyrus.patch

cyrus uses sieve port
Python files can cause avc when writing to usr_t.


* [refpolicy] services_cyrus.patch
@ 2010-08-26 21:09 Daniel J Walsh
  0 siblings, 0 replies; 6+ messages in thread
From: Daniel J Walsh @ 2010-08-26 21:09 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_cyrus.patch

cyrus needs fsetid access

Can attempt to write to usr, dontaudit.  Not sure if this was a python
problem
