From de3de92583112020932def04badb7ac225363d87 Mon Sep 17 00:00:00 2001 From: "Anthony G. Basile" Date: Mon, 7 Mar 2011 02:46:52 +0000 Subject: Allow mutt / gpg interaction Package-Manager: portage-2.1.9.25/cvs/Linux x86_64 --- sec-policy/selinux-mutt/ChangeLog | 8 +- .../selinux-mutt/files/add-apps-mutt-r2.patch | 87 ++++++++++++++++++++++ .../selinux-mutt/selinux-mutt-2.20101213-r2.ebuild | 15 ++++ sec-policy/selinux-postfix/Manifest | 4 +- 4 files changed, 112 insertions(+), 2 deletions(-) create mode 100644 sec-policy/selinux-mutt/files/add-apps-mutt-r2.patch create mode 100644 sec-policy/selinux-mutt/selinux-mutt-2.20101213-r2.ebuild (limited to 'sec-policy') diff --git a/sec-policy/selinux-mutt/ChangeLog b/sec-policy/selinux-mutt/ChangeLog index 8331d17dc539..d8cd79f5609b 100644 --- a/sec-policy/selinux-mutt/ChangeLog +++ b/sec-policy/selinux-mutt/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sec-policy/selinux-mutt # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-mutt/ChangeLog,v 1.1 2011/02/05 20:41:03 blueness Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-mutt/ChangeLog,v 1.2 2011/03/07 02:46:52 blueness Exp $ + +*selinux-mutt-2.20101213-r2 (07 Mar 2011) + + 07 Mar 2011; Anthony G. Basile + +files/add-apps-mutt-r2.patch, +selinux-mutt-2.20101213-r2.ebuild: + Allow mutt / gpg interaction 05 Feb 2011; Anthony G. Basile ChangeLog: Initial commit to portage. diff --git a/sec-policy/selinux-mutt/files/add-apps-mutt-r2.patch b/sec-policy/selinux-mutt/files/add-apps-mutt-r2.patch new file mode 100644 index 000000000000..aa5c2c089fe2 --- /dev/null +++ b/sec-policy/selinux-mutt/files/add-apps-mutt-r2.patch @@ -0,0 +1,87 @@ +--- apps/mutt.te 1970-01-01 01:00:00.000000000 +0100 ++++ apps/mutt.te 2011-02-10 21:54:34.329999997 +0100 +@@ -0,0 +1,77 @@ ++policy_module(mutt, 1.0.0) ++ ++############################ ++# ++# Declarations ++# ++ ++type mutt_t; ++type mutt_exec_t; ++application_domain(mutt_t, mutt_exec_t) ++ubac_constrained(mutt_t) ++ ++type mutt_home_t; ++typealias mutt_home_t alias { user_mutt_home_t staff_mutt_home_t sysadm_mutt_home_t }; ++userdom_user_home_content(mutt_home_t) ++ ++type mutt_conf_t; ++typealias mutt_conf_t alias { user_mutt_conf_t staff_mutt_conf_t sysadm_mutt_conf_t }; ++userdom_user_home_content(mutt_conf_t) ++ ++type mutt_sys_conf_t; ++files_type(mutt_sys_conf_t) ++ ++type mutt_tmp_t; ++typealias mutt_tmp_t alias { user_mutt_tmp_t staff_mutt_tmp_t sysadm_mutt_tmp_t }; ++files_tmp_file(mutt_tmp_t) ++ubac_constrained(mutt_tmp_t) ++ ++############################ ++# ++# Local Policy Rules ++# ++ ++allow mutt_t self:process signal_perms; ++allow mutt_t self:fifo_file { getattr read write }; ++ ++ ++manage_dirs_pattern(mutt_t, mutt_home_t, mutt_home_t) ++manage_files_pattern(mutt_t, mutt_home_t, mutt_home_t) ++userdom_user_home_dir_filetrans(mutt_t, mutt_home_t, dir) ++ ++manage_dirs_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t) ++manage_files_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t) ++manage_fifo_files_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t) ++files_tmp_filetrans(mutt_t, mutt_tmp_t, { file dir }) ++files_search_tmp(mutt_t) ++ ++read_files_pattern(mutt_t, mutt_sys_conf_t, mutt_sys_conf_t) ++read_files_pattern(mutt_t, mutt_conf_t, mutt_conf_t) ++search_dirs_pattern(mutt_t, mutt_sys_conf_t, mutt_sys_conf_t) ++ ++ ++corecmd_exec_bin(mutt_t) ++corecmd_exec_shell(mutt_t) ++corenet_tcp_connect_pop_port(mutt_t) ++corenet_tcp_connect_smtp_port(mutt_t) ++dev_read_rand(mutt_t) ++dev_read_urand(mutt_t) ++domain_use_interactive_fds(mutt_t) ++files_read_usr_files(mutt_t) ++ ++ ++auth_use_nsswitch(mutt_t) ++miscfiles_read_localization(mutt_t) ++userdom_manage_user_home_content_files(mutt_t) ++userdom_manage_user_home_content_dirs(mutt_t) ++userdom_search_user_home_content(mutt_t) ++userdom_use_user_terminals(mutt_t) ++ ++ ++optional_policy(` ++ gpg_domtrans(mutt_t) ++') ++ ++tunable_policy(`gentoo_try_dontaudit',` ++ kernel_dontaudit_search_sysctl(mutt_t) ++') +--- apps/mutt.fc 1970-01-01 01:00:00.000000000 +0100 ++++ apps/mutt.fc 2011-01-16 13:56:03.314000081 +0100 +@@ -0,0 +1,4 @@ ++/usr/bin/mutt -- gen_context(system_u:object_r:mutt_exec_t,s0) ++HOME_DIR/\.mutt(/.*)? gen_context(system_u:object_r:mutt_home_t,s0) ++HOME_DIR/\.muttrc -- gen_context(system_u:object_r:mutt_conf_t,s0) ++/etc/mutt(/.*)? gen_context(system_u:object_r:mutt_sys_conf_t,s0) diff --git a/sec-policy/selinux-mutt/selinux-mutt-2.20101213-r2.ebuild b/sec-policy/selinux-mutt/selinux-mutt-2.20101213-r2.ebuild new file mode 100644 index 000000000000..90e733239f5f --- /dev/null +++ b/sec-policy/selinux-mutt/selinux-mutt-2.20101213-r2.ebuild @@ -0,0 +1,15 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-mutt/selinux-mutt-2.20101213-r2.ebuild,v 1.1 2011/03/07 02:46:52 blueness Exp $ + +IUSE="" + +MODS="mutt" + +inherit selinux-policy-2 + +DESCRIPTION="SELinux policy for general applications" + +KEYWORDS="~amd64 ~x86" + +POLICY_PATCH="${FILESDIR}/add-apps-mutt-r2.patch" diff --git a/sec-policy/selinux-postfix/Manifest b/sec-policy/selinux-postfix/Manifest index a02d6e3da358..9f547bb718d5 100644 --- a/sec-policy/selinux-postfix/Manifest +++ b/sec-policy/selinux-postfix/Manifest @@ -1,10 +1,12 @@ +AUX fix-services-postfix-r1.patch 4146 RMD160 84d2f75dd8bae5ece03a29c90b8f3e12e6741b41 SHA1 76583050136ef3ffa70219a425c1d23fae527448 SHA256 2deac08168286051c3faedc801388e8de87ff5241b76294ea10a520209ff747d DIST refpolicy-2.20090730.tar.bz2 489840 RMD160 d1d157a5ad243edd5d216504ed697f128420e8c1 SHA1 af479258b4e78b8bd7aa2a23dead49f4d61a552f SHA256 745077f6db86646458fe65df82eaa6ffc8491752e511d2a7397f4b46bd478f03 DIST refpolicy-2.20091215.tar.bz2 502893 RMD160 d4951a3d2025630734c4664dca0cc8297a354275 SHA1 3a64189cda00475d60b70ed0876b3e297ad463c6 SHA256 8c264680d130e7d0e0a49ee80d54a3fbdf083bc341c7f7516b5edef34e222ca5 DIST refpolicy-2.20101213.tar.bz2 559450 RMD160 4858f792f4db5b179de6fb8419a626c29d59bdd3 SHA1 0e881e99b8950a358eadc44633551ca10f12eaee SHA256 b691ee8f6066cc19bb0d4384fe3be277d97d22e9d4ac2db0c252065e8c3535de DIST refpolicy-20080525.tar.bz2 336603 RMD160 c4e846a5506164f8c89994df4bbd05b396f60639 SHA1 7764f2f6c60a530abb461256335b70a288bb65f9 SHA256 122a12924ef7b1348d676214590a0ed92960fbde053ea5a666e5179e0fd66ab2 EBUILD selinux-postfix-2.20090730.ebuild 360 RMD160 f5c64dc404c84fdab8686c3eba0fda12ab8ff5b1 SHA1 35659a9619160e3ac5cf98e863d8ec269811faa3 SHA256 e5df37aec971499ecd38bff25c97d516b6f044b63784836857def19e245e6e90 EBUILD selinux-postfix-2.20091215.ebuild 360 RMD160 c7bc9aefea1e99dc152be0d11499328e5593349f SHA1 4c31b4192b486ec634ad41fd55e81453d9271702 SHA256 cb4fd40e948be42ed132ba0e0810a153e0a6c587dbb7f82ab3521a6e42fd544c +EBUILD selinux-postfix-2.20101213-r1.ebuild 421 RMD160 a57c67182e195869f1d42104729e51ae7bace168 SHA1 b286dfe78f43abf4ea9ce6f39a95bc4770a8a76f SHA256 690320c2d2ef1052d29b1f94e376975d4087ba1c141a569ade47278d2c781f8d EBUILD selinux-postfix-2.20101213.ebuild 360 RMD160 2447e4b784a33d27f7709abcf6ca9c6d7841da14 SHA1 3e2ec5ead94147e7d19e3ecfe1ae968c6bf4c784 SHA256 12032945a7fcb02e8ef7941cdef7f0badd8bfd18727d2adee01427e68f76fb43 EBUILD selinux-postfix-20080525.ebuild 356 RMD160 6f8631c30c1f9521d06bd60f48a6569a990adebf SHA1 1b5bb4f3e700beb99c5e6088008d636c4d061fac SHA256 c119bd8004bc8487e992014ef266a0de4eeb9bb1cca394cadf39b3913b043cfe -MISC ChangeLog 4953 RMD160 657ad399c81803fabdab8a8704f8f9c74facd0f6 SHA1 bd9e06e364507243b73cd87e89f3500124014b73 SHA256 c442a5d6e5e3574eaa8bafc75c5cd799e3709218927f14ea488e0ace2ea13f7c +MISC ChangeLog 5155 RMD160 304e98ba1778c85acbfe8afd1284f084d871d9fb SHA1 0d0ac55755c6fda5f0b074c05488ca1f32e26df3 SHA256 6e150489a5dd8d26066d3893d0b70d5da2bbaceadc0c16ca67dc721b5f1c8f97 MISC metadata.xml 231 RMD160 a74f4d0ea728b9b1293a4245404ac2f86343cde4 SHA1 e442d59cd349944548484d3274d6c0e00086056f SHA256 459b7eb495b910e93d0bc072cc141a3aed301b3142940b6371d4473254257475 -- cgit v1.2.3-65-gdbad