refpolicy 0.0.20080702-11 needed for Lenny
Below is the changelog. The most important thing is the cron changes without
which cron is essentially unusable for users who aren't in the unconfined_t
domain.
* Create new interface crond_search_dir() and use it to allow crond_t to
search clamd_var_lib_t for amavis cron jobs.
* Allow postfix_cleanup_t to talk to dkim for signing local messages.
* Allow freshclam_t to read the routing table and talk to http_cache_port_t.
* Allow clamd_t to search bin_t and read bin_t links.
* Allow clamd_t to search postfix_spool_t for creation of Unix domain socket
in the sub-directory, this is ugly and a little bit wrong but makes it
easier to configure Postfix.
* Allow semanage_t (for setsebool and semodule) to call statfs().
* Add Asterisk policy module, and grant setcap access.
* Copy the Fedora 10 cron changes to reduce the policy size.
Allow user_t to send sigchld to user_crontab_t and to write to
user_crontab_tmp_t files. Necessary for full functionality!
--
russell@coker.com.au
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
Reply to: