diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
index b52545ac..64bc566b 100644
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@@ -26,6 +26,9 @@ domain_type(dovecot_deliver_t)
 domain_entry_file(dovecot_deliver_t, dovecot_deliver_exec_t)
 role system_r types dovecot_deliver_t;
 
+type dovecot_deliver_tmp_t;
+files_tmp_file(dovecot_deliver_tmp_t)
+
 type dovecot_etc_t;
 files_config_file(dovecot_etc_t)
 
@@ -268,6 +271,10 @@ allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;
 
 append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
 
+manage_dirs_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
+manage_files_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
+files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, { file dir })
+
 can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
 
 kernel_read_all_sysctls(dovecot_deliver_t)
diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te
index 81e8d3c7..0a0074cb 100644
--- a/policy/modules/services/tor.te
+++ b/policy/modules/services/tor.te
@@ -42,6 +42,8 @@ files_pid_file(tor_var_run_t)
 #
 
 allow tor_t self:capability { setgid setuid sys_tty_config };
+allow tor_t self:process signal;
+
 allow tor_t self:fifo_file rw_fifo_file_perms;
 allow tor_t self:unix_stream_socket create_stream_socket_perms;
 allow tor_t self:netlink_route_socket r_netlink_socket_perms;
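Review bot: In dovecot.te (second hunk, the three rules added after `append_files_pattern`), dovecot_deliver_t gets full manage access to files and directories of the new dovecot_deliver_tmp_t type, but nothing records what the delivery agent creates under /tmp that required it. A one-line comment above the rules, for example `# deliver creates private temporary files and directories`, would let a later auditor judge whether both `file` and `dir` in the `files_tmp_filetrans` class set are still needed. The type declaration in the first hunk is consistent with these rules. If the module's interface file has an admin interface that enumerates dovecot types, the new type probably belongs there too; that file is not part of this diff, so this is unverified.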
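Review bot: In tor.te, `allow tor_t self:process signal;` is wider than it reads, because `self` matches every process labelled tor_t, so any tor_t process may send generic signals to any other one and not only to itself. That is probably the intent (a daemon signalling its own children is the usual reason, though the diff does not say), and the `signal` permission rightly leaves out `sigkill` and `sigstop`. I would add a comment such as `# tor sends signals to processes in its own domain` so the rule is revisited if separate Tor instances are ever confined under the same type.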