SELinux update CentOS 8

Former-commit-id: 2b855b9
E-F-A · Aug 23, 2020 · ff82084 · ff82084
1 parent f1d5bff
commit ff82084
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/rpmbuild/SOURCES/eFa-4.0.2/eFa/eFa8.te b/rpmbuild/SOURCES/eFa-4.0.2/eFa/eFa8.te
@@ -1,5 +1,5 @@
 
-module eFa 1.0.23;
+module eFa 1.0.24;
 
 type mailwatchsql_etc_t;
 type sqlgreysql_etc_t;
@@ -115,6 +115,7 @@ require {
     type mysqld_var_run_t;
     type rsync_t;
     type gssproxy_t;
+    type setroubleshootd_t;
     class file { getattr open read ioctl execute create lock append write unlink setattr execute_no_trans rename map };
     class dir { getattr read open search write add_name setattr create remove_name ioctl rmdir };
     class sock_file { getattr write };
@@ -303,7 +304,6 @@ dontaudit httpd_sys_script_t ntpd_t:dir { getattr search };
 dontaudit httpd_sys_script_t ntpd_t:file { read open };
 dontaudit httpd_sys_script_t dhcpc_t:dir { getattr search };
 dontaudit httpd_sys_script_t dhcpc_t:file { read open };
-# CentOS 8
 dontaudit httpd_sys_script_t sssd_t:dir { getattr search };
 dontaudit httpd_sys_script_t sssd_t:file { read open };
 dontaudit httpd_sys_script_t systemd_resolved_t:dir { getattr search };
@@ -314,6 +314,8 @@ dontaudit httpd_sys_script_t gpg_agent_t:dir { getattr search };
 dontaudit httpd_sys_script_t gpg_agent_t:file { read open };
 dontaudit httpd_sys_script_t gssproxy_t:dir { getattr search };
 dontaudit httpd_sys_script_t gssproxy_t:file { read open };
+dontaudit httpd_sys_script_t setroubleshootd_t:dir { getattr search };
+dontaudit httpd_sys_script_t setroubleshootd_t:file { read open };
 
 # allow spamassassin and mailscanner lint
 allow httpd_sys_script_t etc_mail_t:dir search;
@@ -416,6 +418,7 @@ allow mscan_t httpd_sys_content_t:file getattr;
 allow mscan_t self:capability dac_override;
 allow mscan_t mysqld_var_run_t:sock_file { write };
 allow mscan_t mscan_t:process { setsched };
+allow mscan_t antivirus_var_run_t:sock_file { getattr write };
 
 #============= greylist_milter_t ==============
 allow greylist_milter_t self:capability { kill dac_override };

diff --git a/rpmbuild/SPECS/eFa4.spec b/rpmbuild/SPECS/eFa4.spec
@@ -26,7 +26,7 @@
 Name:      eFa
 Summary:   eFa Maintenance rpm
 Version:   4.0.2
-Release:   26.eFa%{?dist}
+Release:   27.eFa%{?dist}
 Epoch:     1
 Group:     Applications/System
 URL:       https://efa-project.org
@@ -468,6 +468,9 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0644, root, root) %{_sysconfdir}/logrotate.d/eFa-logrotate
 
 %changelog
+* Sun Aug 23 2020 eFa Project <[email protected]> - 4.0.2-27
+- SELinux update
+
 * Sat Aug 22 2020 eFa Project <[email protected]> - 4.0.2-26
 - SELinux update