From: pebenito@ieee.org (Chris PeBenito)
Date: Wed, 3 Jan 2018 16:48:39 -0500
Subject: [refpolicy] [PATCH 2/2] dkim: update
In-Reply-To: <20180101112230.15168-2-cgzones@googlemail.com>
References: <20180101112230.15168-1-cgzones@googlemail.com> <20180101112230.15168-2-cgzones@googlemail.com>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/01/2018 06:22 AM, Christian Göttsche via refpolicy wrote:
> --- > dkim.te | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/dkim.te b/dkim.te > index 4ddefbf8..29880efb 100644 > --- a/dkim.te > +++ b/dkim.te > @@ -23,23 +23,24 @@ init_daemon_pid_file(dkim_milter_data_t, dir, "opendkim") > # Local policy > # > > -allow dkim_milter_t self:capability { dac_override setgid setuid }; > +allow dkim_milter_t self:capability { dac_read_search dac_override setgid setuid }; > allow dkim_milter_t self:process { signal signull }; > allow dkim_milter_t self:unix_stream_socket create_stream_socket_perms; > > read_files_pattern(dkim_milter_t, dkim_milter_private_key_t, dkim_milter_private_key_t) > > +# /proc/sys/kernel/ngroups_max > kernel_read_kernel_sysctls(dkim_milter_t) > kernel_read_vm_overcommit_sysctl(dkim_milter_t) > > corenet_udp_bind_generic_node(dkim_milter_t) > corenet_udp_bind_all_unreserved_ports(dkim_milter_t) > -corenet_dontaudit_udp_bind_all_ports(dkim_milter_t) > > dev_read_urand(dkim_milter_t) > # for cpu/online > dev_read_sysfs(dkim_milter_t) > > +files_pid_filetrans(dkim_milter_t, dkim_milter_data_t, { dir file }) > files_read_usr_files(dkim_milter_t) > files_search_spool(dkim_milter_t)

Merged.

--
Chris PeBenito
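
Review bot: The capability change adds dac_read_search next to dac_override in `allow dkim_milter_t self:capability { dac_read_search dac_override setgid setuid };` without a comment or commit text saying which access required it, so a later reader cannot tell whether both DAC capabilities are needed. Please add a short comment naming the path that triggered the denial, as was done with `# /proc/sys/kernel/ngroups_max`, and check whether dac_override can be dropped once dac_read_search is allowed. The same goes for the removal of corenet_dontaudit_udp_bind_all_ports, which means those bind denials will be audited again; the commit message should say whether that is intended. Also, `files_pid_filetrans(dkim_milter_t, dkim_milter_data_t, { dir file })` carries no object name, so any file or directory the milter creates in the pid directory is labelled dkim_milter_data_t; if only the opendkim entries are meant, a named transition like the one in init_daemon_pid_file(dkim_milter_data_t, dir, "opendkim") would be tighter.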