Fix filecontexts

Package-Manager: portage-2.1.9.25/cvs/Linux x86_64

3 files changed, 85 insertions, 1 deletions

diff --git a/sec-policy/selinux-postfix/ChangeLog b/sec-policy/selinux-postfix/ChangeLog
index cdb71326efc7..277e26ef25c0 100644
--- a/sec-policy/selinux-postfix/ChangeLog
+++ b/sec-policy/selinux-postfix/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sec-policy/selinux-postfix
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postfix/ChangeLog,v 1.31 2011/02/05 12:07:12 blueness Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postfix/ChangeLog,v 1.32 2011/03/07 02:50:05 blueness Exp $
+
+*selinux-postfix-2.20101213-r1 (07 Mar 2011)
+
+  07 Mar 2011; Anthony G. Basile <blueness@gentoo.org>
+  +files/fix-services-postfix-r1.patch,
+  +selinux-postfix-2.20101213-r1.ebuild:
+  Fix filecontexts
 
 *selinux-postfix-2.20101213 (05 Feb 2011)
 
diff --git a/sec-policy/selinux-postfix/files/fix-services-postfix-r1.patch b/sec-policy/selinux-postfix/files/fix-services-postfix-r1.patch
new file mode 100644
index 000000000000..da3e0adb35bb
--- /dev/null
+++ b/sec-policy/selinux-postfix/files/fix-services-postfix-r1.patch
@@ -0,0 +1,63 @@
+--- services/postfix.te	2010-08-03 15:11:07.000000000 +0200
++++ services/postfix.te	2011-03-03 17:48:25.952999995 +0100
+@@ -93,7 +93,7 @@
+ #
+ 
+ # chown is to set the correct ownership of queue dirs
+-allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config };
++allow postfix_master_t self:capability { chown dac_override kill setgid setuid net_bind_service sys_tty_config dac_read_search };
+ allow postfix_master_t self:fifo_file rw_fifo_file_perms;
+ allow postfix_master_t self:tcp_socket create_stream_socket_perms;
+ allow postfix_master_t self:udp_socket create_socket_perms;
+@@ -589,6 +589,7 @@
+ # for OpenSSL certificates
+ files_read_usr_files(postfix_smtpd_t)
+ mta_read_aliases(postfix_smtpd_t)
++mta_read_config(postfix_smtpd_t)
+ 
+ optional_policy(`
+ 	dovecot_stream_connect_auth(postfix_smtpd_t)
+--- services/postfix.fc	2010-08-03 15:11:07.000000000 +0200
++++ services/postfix.fc	2011-03-03 15:12:19.081999996 +0100
+@@ -16,24 +16,27 @@
+ /usr/libexec/postfix/pipe --	gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
+ /usr/libexec/postfix/virtual --	gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
+ ', `
+-/usr/lib/postfix/.*	--	gen_context(system_u:object_r:postfix_exec_t,s0)
+-/usr/lib/postfix/cleanup --	gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
+-/usr/lib/postfix/local	--	gen_context(system_u:object_r:postfix_local_exec_t,s0)
+-/usr/lib/postfix/master	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
+-/usr/lib/postfix/pickup	--	gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
+-/usr/lib/postfix/(n)?qmgr --	gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
+-/usr/lib/postfix/showq	--	gen_context(system_u:object_r:postfix_showq_exec_t,s0)
+-/usr/lib/postfix/smtp	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
+-/usr/lib/postfix/lmtp	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
+-/usr/lib/postfix/scache	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
+-/usr/lib/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
+-/usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
+-/usr/lib/postfix/pipe	--	gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
+-/usr/lib/postfix/virtual --	gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
++/usr/lib(64)?/postfix/.*	--	gen_context(system_u:object_r:postfix_exec_t,s0)
++/usr/lib(64)?/postfix/cleanup --	gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
++/usr/lib(64)?/postfix/local	--	gen_context(system_u:object_r:postfix_local_exec_t,s0)
++/usr/lib(64)?/postfix/master	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
++/usr/lib(64)?/postfix/pickup	--	gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
++/usr/lib(64)?/postfix/(n)?qmgr --	gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
++/usr/lib(64)?/postfix/showq	--	gen_context(system_u:object_r:postfix_showq_exec_t,s0)
++/usr/lib(64)?/postfix/smtp	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
++/usr/lib(64)?/postfix/lmtp	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
++/usr/lib(64)?/postfix/scache	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
++/usr/lib(64)?/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
++/usr/lib(64)?/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
++/usr/lib(64)?/postfix/pipe	--	gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
++/usr/lib(64)?/postfix/virtual --	gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
++/usr/lib(64)?/postfix/postfix-script.*	--	gen_context(system_u:object_r:postfix_exec_t,s0)
+ ')
+ /etc/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0)
+ /etc/postfix/prng_exch	--	gen_context(system_u:object_r:postfix_prng_t,s0)
++ifndef(`distro_gentoo',`
+ /usr/sbin/postalias	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
++')
+ /usr/sbin/postcat	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
+ /usr/sbin/postdrop	--	gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
+ /usr/sbin/postfix	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
diff --git a/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r1.ebuild b/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r1.ebuild
new file mode 100644
index 000000000000..1500d8725864
--- /dev/null
+++ b/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r1.ebuild
@@ -0,0 +1,14 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r1.ebuild,v 1.1 2011/03/07 02:50:05 blueness Exp $
+
+MODS="postfix"
+IUSE=""
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for postfix"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/fix-services-postfix-r1.patch"