rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Dovecot patch from Dan Walsh.

Browse Source
This commit is contained in:
Chris PeBenito 2010-01-07 11:50:47 -05:00
parent 14c7865f1f
commit 4dd84bbf0e
1 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
policy/modules/services/dovecot.te
View File

@ -1,5 +1,5 @@
policy_module(dovecot, 1.11.0) policy_module(dovecot, 1.11.1)
######################################## ########################################
# #
@ -56,7 +56,7 @@ files_pid_file(dovecot_var_run_t)
allow dovecot_t self:capability { dac_override dac_read_search chown net_bind_service setgid setuid sys_chroot }; allow dovecot_t self:capability { dac_override dac_read_search chown net_bind_service setgid setuid sys_chroot };
dontaudit dovecot_t self:capability sys_tty_config; dontaudit dovecot_t self:capability sys_tty_config;
allow dovecot_t self:process { setrlimit signal_perms }; allow dovecot_t self:process { setrlimit signal_perms getcap setcap };
allow dovecot_t self:fifo_file rw_fifo_file_perms; allow dovecot_t self:fifo_file rw_fifo_file_perms;
allow dovecot_t self:tcp_socket create_stream_socket_perms; allow dovecot_t self:tcp_socket create_stream_socket_perms;
allow dovecot_t self:unix_dgram_socket create_socket_perms; allow dovecot_t self:unix_dgram_socket create_socket_perms;
@ -159,7 +159,7 @@ optional_policy(`
# #
allow dovecot_auth_t self:capability { chown dac_override setgid setuid }; allow dovecot_auth_t self:capability { chown dac_override setgid setuid };
allow dovecot_auth_t self:process signal_perms; allow dovecot_auth_t self:process { signal_perms getcap setcap };
allow dovecot_auth_t self:fifo_file rw_fifo_file_perms; allow dovecot_auth_t self:fifo_file rw_fifo_file_perms;
allow dovecot_auth_t self:unix_dgram_socket create_socket_perms; allow dovecot_auth_t self:unix_dgram_socket create_socket_perms;
allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms; allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms;
@ -208,6 +208,11 @@ seutil_dontaudit_search_config(dovecot_auth_t)
optional_policy(` optional_policy(`
kerberos_use(dovecot_auth_t) kerberos_use(dovecot_auth_t)
# for gssapi (kerberos)
userdom_list_user_tmp(dovecot_auth_t)
userdom_read_user_tmp_files(dovecot_auth_t)
userdom_read_user_tmp_symlinks(dovecot_auth_t)
') ')
optional_policy(` optional_policy(`
@ -257,6 +262,16 @@ userdom_manage_user_home_content_pipes(dovecot_deliver_t)
userdom_manage_user_home_content_sockets(dovecot_deliver_t) userdom_manage_user_home_content_sockets(dovecot_deliver_t)
userdom_user_home_dir_filetrans_user_home_content(dovecot_deliver_t, { dir file lnk_file fifo_file sock_file }) userdom_user_home_dir_filetrans_user_home_content(dovecot_deliver_t, { dir file lnk_file fifo_file sock_file })
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_files(dovecot_t)
fs_manage_nfs_symlinks(dovecot_t)
')
tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_files(dovecot_t)
fs_manage_cifs_symlinks(dovecot_t)
')
optional_policy(` optional_policy(`
mta_manage_spool(dovecot_deliver_t) mta_manage_spool(dovecot_deliver_t)
') ')