diff options
| author |   Sven Vermeulen <swift@gentoo.org> | 2011-11-12 20:53:53 +0000 |
|---|---|---|
| committer | Sven Vermeulen <swift@gentoo.org> | 2011-11-12 20:53:53 +0000 |
| commit | c9a92a863c67335aaab995f3a7fa3cb2374103cd (patch) | |
| tree | c40a6f1a1345f8826a762554a8b4478ce9f1798d /sec-policy/selinux-postfix | |
| parent | whitespace (diff) | |
| download | gentoo-2-c9a92a863c67335aaab995f3a7fa3cb2374103cd.tar.gz gentoo-2-c9a92a863c67335aaab995f3a7fa3cb2374103cd.tar.bz2 gentoo-2-c9a92a863c67335aaab995f3a7fa3cb2374103cd.zip | |
Removing the SELinux 2.20101213 policies
(Portage version: 2.1.10.11/cvs/Linux x86_64)
Diffstat (limited to 'sec-policy/selinux-postfix')
5 files changed, 6 insertions, 231 deletions
diff --git a/sec-policy/selinux-postfix/ChangeLog b/sec-policy/selinux-postfix/ChangeLog index 8cf480cee37a..f88b8213aeb4 100644 --- a/sec-policy/selinux-postfix/ChangeLog +++ b/sec-policy/selinux-postfix/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sec-policy/selinux-postfix # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postfix/ChangeLog,v 1.37 2011/10/23 12:42:52 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postfix/ChangeLog,v 1.38 2011/11/12 20:53:31 swift Exp $ + + 12 Nov 2011; <swift@gentoo.org> -files/fix-services-postfix-r1.patch, + -files/fix-services-postfix-r2.patch, -files/fix-services-postfix-r3.patch, + -selinux-postfix-2.20101213-r3.ebuild: + Removing old policies 23 Oct 2011; <swift@gentoo.org> selinux-postfix-2.20110726-r1.ebuild: Stabilization (tracker #384231) diff --git a/sec-policy/selinux-postfix/files/fix-services-postfix-r1.patch b/sec-policy/selinux-postfix/files/fix-services-postfix-r1.patch deleted file mode 100644 index da3e0adb35bb..000000000000 --- a/sec-policy/selinux-postfix/files/fix-services-postfix-r1.patch +++ /dev/null @@ -1,63 +0,0 @@ ---- services/postfix.te 2010-08-03 15:11:07.000000000 +0200 -+++ services/postfix.te 2011-03-03 17:48:25.952999995 +0100 -@@ -93,7 +93,7 @@ - # - - # chown is to set the correct ownership of queue dirs --allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config }; -+allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config dac_read_search }; - allow postfix_master_t self:fifo_file rw_fifo_file_perms; - allow postfix_master_t self:tcp_socket create_stream_socket_perms; - allow postfix_master_t self:udp_socket create_socket_perms; -@@ -589,6 +589,7 @@ - # for OpenSSL certificates - files_read_usr_files(postfix_smtpd_t) - mta_read_aliases(postfix_smtpd_t) -+mta_read_config(postfix_smtpd_t) - - optional_policy(` - dovecot_stream_connect_auth(postfix_smtpd_t) ---- services/postfix.fc 2010-08-03 15:11:07.000000000 +0200 -+++ services/postfix.fc 2011-03-03 15:12:19.081999996 +0100 -@@ -16,24 +16,27 @@ - /usr/libexec/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) - /usr/libexec/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) - ', ` --/usr/lib/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0) --/usr/lib/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) --/usr/lib/postfix/local -- gen_context(system_u:object_r:postfix_local_exec_t,s0) --/usr/lib/postfix/master -- gen_context(system_u:object_r:postfix_master_exec_t,s0) --/usr/lib/postfix/pickup -- gen_context(system_u:object_r:postfix_pickup_exec_t,s0) --/usr/lib/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0) --/usr/lib/postfix/showq -- gen_context(system_u:object_r:postfix_showq_exec_t,s0) --/usr/lib/postfix/smtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) --/usr/lib/postfix/lmtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) --/usr/lib/postfix/scache -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) --/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0) --/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0) --/usr/lib/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) --/usr/lib/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) -+/usr/lib(64)?/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0) -+/usr/lib(64)?/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) -+/usr/lib(64)?/postfix/local -- gen_context(system_u:object_r:postfix_local_exec_t,s0) -+/usr/lib(64)?/postfix/master -- gen_context(system_u:object_r:postfix_master_exec_t,s0) -+/usr/lib(64)?/postfix/pickup -- gen_context(system_u:object_r:postfix_pickup_exec_t,s0) -+/usr/lib(64)?/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0) -+/usr/lib(64)?/postfix/showq -- gen_context(system_u:object_r:postfix_showq_exec_t,s0) -+/usr/lib(64)?/postfix/smtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) -+/usr/lib(64)?/postfix/lmtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) -+/usr/lib(64)?/postfix/scache -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) -+/usr/lib(64)?/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0) -+/usr/lib(64)?/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0) -+/usr/lib(64)?/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) -+/usr/lib(64)?/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) -+/usr/lib(64)?/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0) - ') - /etc/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0) - /etc/postfix/prng_exch -- gen_context(system_u:object_r:postfix_prng_t,s0) -+ifndef(`distro_gentoo',` - /usr/sbin/postalias -- gen_context(system_u:object_r:postfix_master_exec_t,s0) -+') - /usr/sbin/postcat -- gen_context(system_u:object_r:postfix_master_exec_t,s0) - /usr/sbin/postdrop -- gen_context(system_u:object_r:postfix_postdrop_exec_t,s0) - /usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0) diff --git a/sec-policy/selinux-postfix/files/fix-services-postfix-r2.patch b/sec-policy/selinux-postfix/files/fix-services-postfix-r2.patch deleted file mode 100644 index df3af68576c0..000000000000 --- a/sec-policy/selinux-postfix/files/fix-services-postfix-r2.patch +++ /dev/null @@ -1,76 +0,0 @@ ---- services/postfix.te 2010-08-03 15:11:07.000000000 +0200 -+++ services/postfix.te 2011-03-13 16:04:36.436999999 +0100 -@@ -93,7 +93,7 @@ - # - - # chown is to set the correct ownership of queue dirs --allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config }; -+allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config dac_read_search }; - allow postfix_master_t self:fifo_file rw_fifo_file_perms; - allow postfix_master_t self:tcp_socket create_stream_socket_perms; - allow postfix_master_t self:udp_socket create_socket_perms; -@@ -201,6 +201,9 @@ - - optional_policy(` - mysql_stream_connect(postfix_master_t) -+ mysql_stream_connect(postfix_cleanup_t) -+ mysql_stream_connect(postfix_local_t) -+ mysql_stream_connect(postfix_virtual_t) - ') - - optional_policy(` -@@ -589,6 +592,7 @@ - # for OpenSSL certificates - files_read_usr_files(postfix_smtpd_t) - mta_read_aliases(postfix_smtpd_t) -+mta_read_config(postfix_smtpd_t) - - optional_policy(` - dovecot_stream_connect_auth(postfix_smtpd_t) ---- services/postfix.fc 2010-08-03 15:11:07.000000000 +0200 -+++ services/postfix.fc 2011-03-13 15:54:11.765000000 +0100 -@@ -16,20 +16,21 @@ - /usr/libexec/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) - /usr/libexec/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) - ', ` --/usr/lib/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0) --/usr/lib/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) --/usr/lib/postfix/local -- gen_context(system_u:object_r:postfix_local_exec_t,s0) --/usr/lib/postfix/master -- gen_context(system_u:object_r:postfix_master_exec_t,s0) --/usr/lib/postfix/pickup -- gen_context(system_u:object_r:postfix_pickup_exec_t,s0) --/usr/lib/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0) --/usr/lib/postfix/showq -- gen_context(system_u:object_r:postfix_showq_exec_t,s0) --/usr/lib/postfix/smtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) --/usr/lib/postfix/lmtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) --/usr/lib/postfix/scache -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) --/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0) --/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0) --/usr/lib/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) --/usr/lib/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) -+/usr/lib(64)?/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0) -+/usr/lib(64)?/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) -+/usr/lib(64)?/postfix/local -- gen_context(system_u:object_r:postfix_local_exec_t,s0) -+/usr/lib(64)?/postfix/master -- gen_context(system_u:object_r:postfix_master_exec_t,s0) -+/usr/lib(64)?/postfix/pickup -- gen_context(system_u:object_r:postfix_pickup_exec_t,s0) -+/usr/lib(64)?/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0) -+/usr/lib(64)?/postfix/showq -- gen_context(system_u:object_r:postfix_showq_exec_t,s0) -+/usr/lib(64)?/postfix/smtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) -+/usr/lib(64)?/postfix/lmtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) -+/usr/lib(64)?/postfix/scache -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) -+/usr/lib(64)?/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0) -+/usr/lib(64)?/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0) -+/usr/lib(64)?/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) -+/usr/lib(64)?/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) -+/usr/lib(64)?/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0) - ') - /etc/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0) - /etc/postfix/prng_exch -- gen_context(system_u:object_r:postfix_prng_t,s0) -@@ -48,7 +49,7 @@ - - /var/spool/postfix(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0) - /var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0) --/var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0) -+/var/spool/postfix/pid(/.*)? gen_context(system_u:object_r:postfix_var_run_t,s0) - /var/spool/postfix/private(/.*)? gen_context(system_u:object_r:postfix_private_t,s0) - /var/spool/postfix/public(/.*)? gen_context(system_u:object_r:postfix_public_t,s0) - /var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0) diff --git a/sec-policy/selinux-postfix/files/fix-services-postfix-r3.patch b/sec-policy/selinux-postfix/files/fix-services-postfix-r3.patch deleted file mode 100644 index f748e9ad44a0..000000000000 --- a/sec-policy/selinux-postfix/files/fix-services-postfix-r3.patch +++ /dev/null @@ -1,77 +0,0 @@ ---- services/postfix.te 2010-08-03 15:11:07.000000000 +0200 -+++ services/postfix.te 2011-03-19 18:19:42.287000040 +0100 -@@ -93,7 +93,7 @@ - # - - # chown is to set the correct ownership of queue dirs --allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config }; -+allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config dac_read_search }; - allow postfix_master_t self:fifo_file rw_fifo_file_perms; - allow postfix_master_t self:tcp_socket create_stream_socket_perms; - allow postfix_master_t self:udp_socket create_socket_perms; -@@ -201,6 +201,10 @@ - - optional_policy(` - mysql_stream_connect(postfix_master_t) -+ mysql_stream_connect(postfix_cleanup_t) -+ mysql_stream_connect(postfix_local_t) -+ mysql_stream_connect(postfix_virtual_t) -+ mysql_stream_connect(postfix_smtpd_t) - ') - - optional_policy(` -@@ -589,6 +593,7 @@ - # for OpenSSL certificates - files_read_usr_files(postfix_smtpd_t) - mta_read_aliases(postfix_smtpd_t) -+mta_read_config(postfix_smtpd_t) - - optional_policy(` - dovecot_stream_connect_auth(postfix_smtpd_t) ---- services/postfix.fc 2010-08-03 15:11:07.000000000 +0200 -+++ services/postfix.fc 2011-03-13 15:54:11.765000000 +0100 -@@ -16,20 +16,21 @@ - /usr/libexec/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) - /usr/libexec/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) - ', ` --/usr/lib/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0) --/usr/lib/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) --/usr/lib/postfix/local -- gen_context(system_u:object_r:postfix_local_exec_t,s0) --/usr/lib/postfix/master -- gen_context(system_u:object_r:postfix_master_exec_t,s0) --/usr/lib/postfix/pickup -- gen_context(system_u:object_r:postfix_pickup_exec_t,s0) --/usr/lib/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0) --/usr/lib/postfix/showq -- gen_context(system_u:object_r:postfix_showq_exec_t,s0) --/usr/lib/postfix/smtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) --/usr/lib/postfix/lmtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) --/usr/lib/postfix/scache -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) --/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0) --/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0) --/usr/lib/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) --/usr/lib/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) -+/usr/lib(64)?/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0) -+/usr/lib(64)?/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) -+/usr/lib(64)?/postfix/local -- gen_context(system_u:object_r:postfix_local_exec_t,s0) -+/usr/lib(64)?/postfix/master -- gen_context(system_u:object_r:postfix_master_exec_t,s0) -+/usr/lib(64)?/postfix/pickup -- gen_context(system_u:object_r:postfix_pickup_exec_t,s0) -+/usr/lib(64)?/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0) -+/usr/lib(64)?/postfix/showq -- gen_context(system_u:object_r:postfix_showq_exec_t,s0) -+/usr/lib(64)?/postfix/smtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) -+/usr/lib(64)?/postfix/lmtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) -+/usr/lib(64)?/postfix/scache -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) -+/usr/lib(64)?/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0) -+/usr/lib(64)?/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0) -+/usr/lib(64)?/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) -+/usr/lib(64)?/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) -+/usr/lib(64)?/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0) - ') - /etc/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0) - /etc/postfix/prng_exch -- gen_context(system_u:object_r:postfix_prng_t,s0) -@@ -48,7 +49,7 @@ - - /var/spool/postfix(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0) - /var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0) --/var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0) -+/var/spool/postfix/pid(/.*)? gen_context(system_u:object_r:postfix_var_run_t,s0) - /var/spool/postfix/private(/.*)? gen_context(system_u:object_r:postfix_private_t,s0) - /var/spool/postfix/public(/.*)? gen_context(system_u:object_r:postfix_public_t,s0) - /var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0) diff --git a/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r3.ebuild b/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r3.ebuild deleted file mode 100644 index c7bb1da8fccf..000000000000 --- a/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r3.ebuild +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r3.ebuild,v 1.2 2011/06/02 12:45:20 blueness Exp $ - -MODS="postfix" -IUSE="" - -inherit selinux-policy-2 - -DESCRIPTION="SELinux policy for postfix" - -KEYWORDS="amd64 x86" - -POLICY_PATCH="${FILESDIR}/fix-services-postfix-r3.patch" |