diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-05-29 20:49:15 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-05-29 20:49:15 +0000 |
commit | 2c03f51e6ea27876af97d3240baea9404d1cabcf (patch) | |
tree | 8793ef7c72acc9add703e2d7e7a7c76770e18142 /pki/base/selinux | |
parent | 5f7d7c648249b7d47174d20f2612cd15403cf1c9 (diff) | |
download | pki-2c03f51e6ea27876af97d3240baea9404d1cabcf.tar.gz pki-2c03f51e6ea27876af97d3240baea9404d1cabcf.tar.xz pki-2c03f51e6ea27876af97d3240baea9404d1cabcf.zip |
Bugzilla Bug 495212 - selinux messages from startup/ install
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@505 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/selinux')
-rw-r--r-- | pki/base/selinux/src/pki.if | 6 | ||||
-rw-r--r-- | pki/base/selinux/src/pki.te | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if index 5b8e89ebe..277faaec9 100644 --- a/pki/base/selinux/src/pki.if +++ b/pki/base/selinux/src/pki.if @@ -177,6 +177,9 @@ template(`pki_ca_template',` allow $1_t self:unix_dgram_socket { write create connect }; allow $1_t syslogd_t:unix_dgram_socket sendto; + #allow sending mail + corenet_tcp_connect_smtp_port($1_t) + ') ######################################## @@ -487,7 +490,8 @@ template(`pki_tps_template',` allow pki_tps_t lib_t:file execute_no_trans; - allow pki_tps_t self:capability { setuid sys_nice setgid dac_override }; + #fowner needed for chmod + allow pki_tps_t self:capability { setuid sys_nice setgid dac_override fowner}; allow pki_tps_t self:process { setsched signal getsched signull execstack execmem}; allow pki_tps_t self:sem all_sem_perms; allow pki_tps_t self:tcp_socket create_stream_socket_perms; diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te index 169dc0ef1..ae17c2520 100644 --- a/pki/base/selinux/src/pki.te +++ b/pki/base/selinux/src/pki.te @@ -1,4 +1,4 @@ -policy_module(pki,1.0.7) +policy_module(pki,1.0.8) attribute pki_ca_config; attribute pki_ca_executable; |