2017-04-13 23:25:25

by guido

Subject: [refpolicy] [PATCH 6/10] evolution: add some critical permissions

Update the evolution module with permissions strictly needed to
run new versions.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/evolution.te | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

--- refpolicy-git-13042017-2208/policy/modules/contrib/evolution.te 2017-04-14 00:47:44.378717800 +0200
+++ refpolicy-git-13042017-2208-new/policy/modules/contrib/evolution.te 2017-04-14 00:49:07.168717461 +0200
@@ -111,7 +111,7 @@ userdom_user_tmpfs_file(evolution_webcal
#

allow evolution_t self:capability { setgid setuid sys_nice };
-allow evolution_t self:process { signal getsched setsched };
+allow evolution_t self:process { execmem getsched setsched signal };
allow evolution_t self:fifo_file rw_file_perms;

allow evolution_t evolution_home_t:dir manage_dir_perms;
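Review bot: The `execmem` added to the `self:process` rule is granted unconditionally, so evolution_t can map anonymous memory that is both writable and executable, which removes a W^X barrier in a domain that handles untrusted mail content. The commit message calls the permissions strictly needed but does not name the component that requires this one (presumably a JIT in the HTML renderer; confirm from the AVC denial). Consider leaving the original rule unchanged and putting `allow evolution_t self:process execmem;` inside a tunable_policy block keyed on the existing allow_execmem tunable, with a comment naming the component. The same missing rationale applies to fs_getattr_tmpfs and fs_search_cgroup_dirs in the second hunk, where a dontaudit rule may be enough if the accesses are only probing.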
@@ -185,7 +185,9 @@ domain_dontaudit_read_all_domains_state(
files_read_usr_files(evolution_t)

fs_dontaudit_getattr_xattr_fs(evolution_t)
+fs_getattr_tmpfs(evolution_t)
fs_search_auto_mountpoints(evolution_t)
+fs_search_cgroup_dirs(evolution_t)

auth_use_nsswitch(evolution_t)