commit: 78a19a3f7cbb0596156dc9c50dadfaf629111ccf Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com> AuthorDate: Wed Jan 3 23:40:06 2018 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Thu Jan 18 16:26:15 2018 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=78a19a3f
spamassassin: fix missing perms version 2: * fix non existent interface kernel_search_crypto_sysctls * add spamd-gpg permissions on update policy/modules/contrib/spamassassin.te | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/policy/modules/contrib/spamassassin.te b/policy/modules/contrib/spamassassin.te index 9bc81030..7d34829d 100644 --- a/policy/modules/contrib/spamassassin.te +++ b/policy/modules/contrib/spamassassin.te @@ -549,10 +549,13 @@ optional_policy(` allow spamd_gpg_t spamd_update_t:fd use; allow spamd_gpg_t spamd_update_t:process sigchld; allow spamd_gpg_t spamd_update_t:fifo_file { getattr write }; - allow spamd_gpg_t spamd_var_lib_t:dir search_dir_perms; - allow spamd_gpg_t spamd_var_lib_t:file rw_file_perms; + allow spamd_gpg_t spamd_var_lib_t:dir rw_dir_perms; + allow spamd_gpg_t spamd_var_lib_t:file manage_file_perms; allow spamd_gpg_t spamd_update_tmp_t:file read_file_perms; + # fips + kernel_read_crypto_sysctls(spamd_gpg_t) + domain_use_interactive_fds(spamd_gpg_t) files_read_etc_files(spamd_gpg_t) @@ -562,6 +565,7 @@ optional_policy(` files_search_tmp(spamd_gpg_t) init_use_fds(spamd_gpg_t) + init_rw_inherited_stream_socket(spamd_gpg_t) miscfiles_read_localization(spamd_gpg_t)
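Review bot: The two widened rules on `spamd_var_lib_t` in the first hunk let the gpg helper create, rename and unlink any file of that type, not only the keyring and lock files it maintains during an update. If `spamd_var_lib_t` also labels the downloaded rule sets (not visible in this hunk), the process that parses untrusted signature data gains write and delete access to the rules it is meant to verify. A narrower form labels the key directory with its own type and grants the manage permissions there, e.g. `allow spamd_gpg_t <KEYRING_TYPE_PLACEHOLDER>:file manage_file_perms;`, keeping `search_dir_perms` on `spamd_var_lib_t` itself. The `# fips` comment could also state the reason, e.g. `# libgcrypt reads /proc/sys/crypto/fips_enabled at start-up`. The enclosing `optional_policy` block starts and ends outside the hunk.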
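Review bot: The added `init_rw_inherited_stream_socket(spamd_gpg_t)` in the second hunk carries no comment saying which inherited socket gpg reads or writes, whereas the crypto sysctl rule in the first hunk at least has `# fips`. If this is the stdout/stderr stream handed down when the update runs as a service (an assumption; the denial is not shown), a comment such as `# stdout/stderr inherited from init when run as a service` would record it. It is also worth confirming from the AVC denials that gpg really needs read/write on that socket. If the descriptor is only inherited and never used, a dontaudit rule would grant less.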