commit: 02fa620d3ded0f4b2eeca78cb7c6bb13542c19af Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> AuthorDate: Sat Aug 30 20:15:48 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Sat Aug 30 20:15:48 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=02fa620d
Updates on salt policy - interaction with postfix
---
 policy/modules/contrib/salt.te | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/salt.te b/policy/modules/contrib/salt.te
index 180305f..279edfb 100644
--- a/policy/modules/contrib/salt.te
+++ b/policy/modules/contrib/salt.te
@@ -200,7 +200,7 @@ tunable_policy(`salt_master_read_nfs',`
 allow salt_minion_t self:capability { fsetid chown net_admin sys_admin sys_tty_config };
 allow salt_minion_t self:capability2 block_suspend;
-allow salt_minion_t self:process { signull };
+allow salt_minion_t self:process { signal signull };
 allow salt_minion_t self:tcp_socket create_stream_socket_perms;
 allow salt_minion_t self:udp_socket create_socket_perms;
 allow salt_minion_t self:unix_dgram_socket create_socket_perms;
@@ -277,8 +277,12 @@ fs_getattr_all_fs(salt_minion_t)
 getty_use_fds(salt_minion_t)
+init_exec_rc(salt_minion_t)
+
 miscfiles_read_localization(salt_minion_t)
+seutil_domtrans_setfiles(salt_minion_t)
+
 sysnet_exec_ifconfig(salt_minion_t)
 sysnet_read_config(salt_minion_t)
@@ -298,6 +302,11 @@ optional_policy(`
 ')
 optional_policy(`
+ postfix_domtrans_master(salt_minion_t)
+ postfix_run_map(salt_minion_t, salt_minion_roles)
+')
+
+optional_policy(`
 shutdown_domtrans(salt_minion_t)
 ')
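Review bot: The second hunk grants `seutil_domtrans_setfiles(salt_minion_t)` and `init_exec_rc(salt_minion_t)` unconditionally, with no comment saying which minion function needs them. The setfiles transition gives the minion domain a path to relabelling files, and `init_exec_rc` appears to run rc inside salt_minion_t rather than through a domain transition, so both widen what a compromised minion process could reach. The same applies to `postfix_domtrans_master(salt_minion_t)` in the third hunk, which is guarded only by `optional_policy`. The file already uses `tunable_policy` (visible in the first hunk header), so consider placing these grants behind a tunable that defaults to off. At minimum, add a line such as `# relabel files written by salt states (TODO confirm which state needs this)` above the setfiles rule so a later audit can tell whether the grant is still required.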