From: pebenito@ieee.org (Chris PeBenito)
Date: Fri, 5 Jan 2018 16:21:11 -0500
Subject: [refpolicy] [PATCH] spamassassin: fix missing perms
In-Reply-To: <20180103234006.12552-1-cgzones@googlemail.com>
References: <20180103234006.12552-1-cgzones@googlemail.com>
Message-ID: <7f9837be-5c03-8406-cbf8-c7f874b9761c@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/03/2018 06:40 PM, Christian G?ttsche via refpolicy wrote:
> version 2:
> 
>   * fix non existent interface kernel_search_crypto_sysctls
>   * add spamd-gpg permissions on update
> ---
>   spamassassin.te | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/spamassassin.te b/spamassassin.te
> index 9bc81030..7d34829d 100644
> --- a/spamassassin.te
> +++ b/spamassassin.te
> @@ -549,10 +549,13 @@ optional_policy(`
>   	allow spamd_gpg_t spamd_update_t:fd use;
>   	allow spamd_gpg_t spamd_update_t:process sigchld;
>   	allow spamd_gpg_t spamd_update_t:fifo_file { getattr write };
> -	allow spamd_gpg_t spamd_var_lib_t:dir search_dir_perms;
> -	allow spamd_gpg_t spamd_var_lib_t:file rw_file_perms;
> +	allow spamd_gpg_t spamd_var_lib_t:dir rw_dir_perms;
> +	allow spamd_gpg_t spamd_var_lib_t:file manage_file_perms;
>   	allow spamd_gpg_t spamd_update_tmp_t:file read_file_perms;
>   
> +	# fips
> +	kernel_read_crypto_sysctls(spamd_gpg_t)
> +
>   	domain_use_interactive_fds(spamd_gpg_t)
>   
>   	files_read_etc_files(spamd_gpg_t)
> @@ -562,6 +565,7 @@ optional_policy(`
>   	files_search_tmp(spamd_gpg_t)
>   
>   	init_use_fds(spamd_gpg_t)
> +	init_rw_inherited_stream_socket(spamd_gpg_t)
>   
>   	miscfiles_read_localization(spamd_gpg_t)

Merged.

-- 
Chris PeBenito