Accueil Explorer Aide
Connexion
Hoshpak
/
debian-selinux-policies
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

apticron: allow to execute sendmail, add missing permissions

Helmut Pozimski il y a 7 ans
Parent
066007f4ef
commit
10e5bc796b
1 fichiers modifiés avec 10 ajouts et 6 suppressions
Vue séparée Afficher les stats Diff
  1. 10 6
      policy/modules/apticron.te

+ 10 - 6
policy/modules/apticron.te
Voir le fichier 

@@ -1,4 +1,4 @@
 
-policy_module(apticron, 0.1.8)
 
+policy_module(apticron, 0.1.9)
 
 
 #################################
 
 #
 
@@ -29,9 +29,9 @@ files_config_file(apticron_etc_t)
 
 allow apticron_t self:fifo_file { read write ioctl getattr };
 
 allow apticron_t self:capability setgid;
 
 allow apticron_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
 
-allow apticron_t self:process getsched;
 
 allow apticron_t self:tcp_socket { read write create connect };
 
 allow apticron_t self:udp_socket { create connect getattr };
 
+allow apticron_t self:process { setfscreate setrlimit getsched };
 
 
 manage_files_pattern(apticron_t, apticron_tmp_t, apticron_tmp_t)
 
 manage_dirs_pattern(apticron_t, apticron_tmp_t, apticron_tmp_t)
 
@@ -55,6 +55,8 @@ dev_read_urand(apticron_t)
 
 sysnet_read_config(apticron_t)
 
 corenet_tcp_connect_smtp_port(apticron_t)
 
 
+mta_sendmail_exec(apticron_t)
 
+
 
 gen_require(`
 
 	type apt_var_cache_t;
 
 ')
 
@@ -64,7 +66,7 @@ allow apticron_t apt_var_cache_t:file { read getattr open };
 
 gen_require(`
 
 	type apt_var_lib_t;
 
 ')
 
-allow apticron_t apt_var_lib_t:dir { read open search };
 
+allow apticron_t apt_var_lib_t:dir { read open search getattr };
 
 allow apticron_t apt_var_lib_t:file { read ioctl open getattr };
 
 
 gen_require(`
 
@@ -75,12 +77,14 @@ allow apticron_t crond_tmp_t:file { read write getattr ioctl };
 
 gen_require(`
 
 	type etc_t;
 
 ')
 
-allow apticron_t etc_t:file { read getattr open };
 
+allow apticron_t etc_t:file { read getattr open ioctl };
 
 
 gen_require(`
 
 	type usr_t;
 
 ')
 
 allow apticron_t usr_t:file { read getattr open };
 
+allow apticron_t usr_t:dir { read getattr open };
 
+
 
 optional_policy(`
 
         cron_system_entry(apticron_t, apticron_exec_t)
 
 ')
 
@@ -88,7 +92,7 @@ optional_policy(`
 
 gen_require(`
 
         type dpkg_var_lib_t;
 
 ')
 
-allow apticron_t dpkg_var_lib_t:file { read getattr open };
 
-allow apticron_t dpkg_var_lib_t:dir { read search open };
 
+allow apticron_t dpkg_var_lib_t:file { read getattr open ioctl };
 
+allow apticron_t dpkg_var_lib_t:dir { read search open getattr };