From: guido@trentalancia.net (Guido Trentalancia) Date: Fri, 14 Apr 2017 01:25:25 +0200 Subject: [refpolicy] [PATCH 6/10] evolution: add some critical permissions Message-ID: <1492125925.14193.44.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Update the evolution module with permissions strictly needed to run new versions. Signed-off-by: Guido Trentalancia
---
 policy/modules/contrib/evolution.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
--- refpolicy-git-13042017-2208/policy/modules/contrib/evolution.te 2017-04-14 00:47:44.378717800 +0200
+++ refpolicy-git-13042017-2208-new/policy/modules/contrib/evolution.te 2017-04-14 00:49:07.168717461 +0200
@@ -111,7 +111,7 @@ userdom_user_tmpfs_file(evolution_webcal
 #
 allow evolution_t self:capability { setgid setuid sys_nice };
-allow evolution_t self:process { signal getsched setsched };
+allow evolution_t self:process { execmem getsched setsched signal };
 allow evolution_t self:fifo_file rw_file_perms;
 allow evolution_t evolution_home_t:dir manage_dir_perms;
@@ -185,7 +185,9 @@ domain_dontaudit_read_all_domains_state(
 files_read_usr_files(evolution_t)
 fs_dontaudit_getattr_xattr_fs(evolution_t)
+fs_getattr_tmpfs(evolution_t)
 fs_search_auto_mountpoints(evolution_t)
+fs_search_cgroup_dirs(evolution_t)
 auth_use_nsswitch(evolution_t)
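Review bot: The first hunk grants `execmem` to `evolution_t` unconditionally, so a mail client that parses untrusted message content may map memory that is both writable and executable, which removes a barrier between a memory-corruption bug and code execution. The description says the permissions are strictly needed but names neither the component nor the AVC denial behind `execmem`; a JIT in an embedded rendering engine is a plausible cause, but that is an inference from outside the patch. I would keep `allow evolution_t self:process { getsched setsched signal };` as the unconditional rule and place `allow evolution_t self:process execmem;` inside a `tunable_policy` block keyed on the global `allow_execmem` boolean, with a one-line comment above it naming what requires it. The `fs_getattr_tmpfs(evolution_t)` and `fs_search_cgroup_dirs(evolution_t)` calls in the second hunk are lower risk, but the same kind of justifying comment (or the denial records in the commit message) would let a later reviewer confirm they are still needed.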