Allow dovecot-deliver to create tmp files
Allow tor to send signals to itself
parent
d7de04f8d4
commit
3a3212619a
@ -26,6 +26,9 @@ domain_type(dovecot_deliver_t)
|
|||||||
domain_entry_file(dovecot_deliver_t, dovecot_deliver_exec_t)
|
domain_entry_file(dovecot_deliver_t, dovecot_deliver_exec_t)
|
||||||
role system_r types dovecot_deliver_t;
|
role system_r types dovecot_deliver_t;
|
||||||
|
|
||||||
|
type dovecot_deliver_tmp_t;
|
||||||
|
files_tmp_file(dovecot_deliver_tmp_t)
|
||||||
|
|
||||||
type dovecot_etc_t;
|
type dovecot_etc_t;
|
||||||
files_config_file(dovecot_etc_t)
|
files_config_file(dovecot_etc_t)
|
||||||
|
|
||||||
@ -268,6 +271,10 @@ allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;
|
|||||||
|
|
||||||
append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
|
append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
|
||||||
|
|
||||||
|
manage_dirs_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
|
||||||
|
manage_files_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
|
||||||
|
files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, { file dir })
|
||||||
|
|
||||||
can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
|
can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
|
||||||
|
|
||||||
kernel_read_all_sysctls(dovecot_deliver_t)
|
kernel_read_all_sysctls(dovecot_deliver_t)
|
||||||
|
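Review bot: The commit title asks only for tmp *files*, but the second dovecot hunk also grants directory management through `manage_dirs_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)` and the `dir` class in `files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, { file dir })`. If the denials that motivated the change were for regular files only, least privilege would drop the `manage_dirs_pattern` line and narrow the transition to `files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, file)`. Using a private `dovecot_deliver_tmp_t` type instead of granting access to generic tmp files is the right shape, because it keeps deliver's scratch data labelled separately from other domains' files in the tmp directory. The visible hunks give no other domain access to the new type, so if another dovecot process has to read these files it would need its own rule.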
@ -42,6 +42,8 @@ files_pid_file(tor_var_run_t)
|
|||||||
#
|
#
|
||||||
|
|
||||||
allow tor_t self:capability { setgid setuid sys_tty_config };
|
allow tor_t self:capability { setgid setuid sys_tty_config };
|
||||||
|
allow tor_t self:process signal;
|
||||||
|
|
||||||
allow tor_t self:fifo_file rw_fifo_file_perms;
|
allow tor_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow tor_t self:unix_stream_socket create_stream_socket_perms;
|
allow tor_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow tor_t self:netlink_route_socket r_netlink_socket_perms;
|
allow tor_t self:netlink_route_socket r_netlink_socket_perms;
|
||||||
|
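Review bot: Nothing next to the added `allow tor_t self:process signal;` records which denial it answers; a one-line comment such as `# tor signals its own process (AVC denial seen during <operation>)` would help later policy audits. The grant itself is narrow: it is limited to `self`, and the `signal` permission does not cover `sigkill`, `sigstop`, `sigchld` or `signull`, which are separate permissions in the process class. It should stay that way rather than being widened to `signal_perms`, unless a denial shows the extra permissions are needed.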