The uwimap application does not require inetd to be running or even available on
the system. Since inetd is not mandatory, it is not considered part of the base
policy, so its call should be optional.
Signed-off-by: Sven Vermeulen <[email protected]>
---
uwimap.te | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/uwimap.te b/uwimap.te
index 41fa663..5f5d61f 100644
--- a/uwimap.te
+++ b/uwimap.te
@@ -8,7 +8,6 @@ policy_module(uwimap, 1.8.0)
type imapd_t;
type imapd_exec_t;
init_daemon_domain(imapd_t, imapd_exec_t)
-inetd_tcp_service_domain(imapd_t, imapd_exec_t)
type imapd_tmp_t;
files_tmp_file(imapd_tmp_t)
@@ -83,6 +82,10 @@ userdom_user_home_dir_filetrans_user_home_content(imapd_t, { dir file lnk_file f
mta_rw_spool(imapd_t)
optional_policy(`
+ inetd_tcp_service_domain(imapd_t, imapd_exec_t)
+')
+
+optional_policy(`
seutil_sigchld_newrole(imapd_t)
')
--
1.7.3.4
On 11/15/11 04:49, Sven Vermeulen wrote:
> The uwimap application does not require inetd to be running or even available on
> the system. Since inetd is not mandatory, it is not considered part of the base
> policy, so its call should be optional.
Merged.
> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> uwimap.te | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/uwimap.te b/uwimap.te
> index 41fa663..5f5d61f 100644
> --- a/uwimap.te
> +++ b/uwimap.te
> @@ -8,7 +8,6 @@ policy_module(uwimap, 1.8.0)
> type imapd_t;
> type imapd_exec_t;
> init_daemon_domain(imapd_t, imapd_exec_t)
> -inetd_tcp_service_domain(imapd_t, imapd_exec_t)
>
> type imapd_tmp_t;
> files_tmp_file(imapd_tmp_t)
> @@ -83,6 +82,10 @@ userdom_user_home_dir_filetrans_user_home_content(imapd_t, { dir file lnk_file f
> mta_rw_spool(imapd_t)
>
> optional_policy(`
> + inetd_tcp_service_domain(imapd_t, imapd_exec_t)
> +')
> +
> +optional_policy(`
> seutil_sigchld_newrole(imapd_t)
> ')
>
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com