Allow dovecot-deliver to create tmp files

Allow tor to send signals to itself
Miroslav Grepl 2010-09-13 13:12:24 +02:00
parent d7de04f8d4
commit 3a3212619a
2 changed files with 9 additions and 0 deletions


@ -26,6 +26,9 @@ domain_type(dovecot_deliver_t)
domain_entry_file(dovecot_deliver_t, dovecot_deliver_exec_t) domain_entry_file(dovecot_deliver_t, dovecot_deliver_exec_t)
role system_r types dovecot_deliver_t; role system_r types dovecot_deliver_t;
type dovecot_deliver_tmp_t;
files_tmp_file(dovecot_deliver_tmp_t)
type dovecot_etc_t; type dovecot_etc_t;
files_config_file(dovecot_etc_t) files_config_file(dovecot_etc_t)
@ -268,6 +271,10 @@ allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;
append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t) append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
manage_dirs_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
manage_files_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, { file dir })
can_exec(dovecot_deliver_t, dovecot_deliver_exec_t) can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
kernel_read_all_sysctls(dovecot_deliver_t) kernel_read_all_sysctls(dovecot_deliver_t)
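Review bot: The new tmp rules in the second hunk cover directories as well as files, through `manage_dirs_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)` and the `dir` class in `files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, { file dir })`, while the commit message only mentions tmp files. If the denial behind this change involved regular files only, dropping the directory rule and using `files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, file)` would keep the grant to what deliver actually needs. Either way, a one-line comment above the three rules, such as `# deliver writes temporary files; keep them in a private tmp type`, would record why the access exists for anyone auditing the policy later. The private `dovecot_deliver_tmp_t` type declared in the first hunk is a sound choice, since it keeps these files from being labelled with the generic tmp type.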


@ -42,6 +42,8 @@ files_pid_file(tor_var_run_t)
# #
allow tor_t self:capability { setgid setuid sys_tty_config }; allow tor_t self:capability { setgid setuid sys_tty_config };
allow tor_t self:process signal;
allow tor_t self:fifo_file rw_fifo_file_perms; allow tor_t self:fifo_file rw_fifo_file_perms;
allow tor_t self:unix_stream_socket create_stream_socket_perms; allow tor_t self:unix_stream_socket create_stream_socket_perms;
allow tor_t self:netlink_route_socket r_netlink_socket_perms; allow tor_t self:netlink_route_socket r_netlink_socket_perms;