Merge pull request #608 from montjoie/dovecot

dovecot: add missing permissions
2023-04-17 10:17:53 -04:00 · 2023-04-17 10:17:53 -04:00 · 218c42f592
commit 218c42f592
parent 7831981d0d ac6b47c71d
1 changed files with 6 additions and 1 deletions
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@ -124,8 +124,9 @@ create_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
 setattr_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
 logging_log_filetrans(dovecot_t, dovecot_var_log_t, { file dir })

+allow dovecot_t dovecot_spool_t:dir watch;
 manage_dirs_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
-manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
+mmap_manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
 manage_lnk_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)

 manage_dirs_pattern(dovecot_t, dovecot_runtime_t, dovecot_runtime_t)
@ -337,6 +338,8 @@ optional_policy(`
 # Deliver local policy
 #

+allow dovecot_deliver_t self:process signal;
+
 allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;

 append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
@ -355,6 +358,8 @@ can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)

 allow dovecot_deliver_t dovecot_t:process signull;

+allow dovecot_deliver_t dovecot_spool_t:file map;
+
 fs_getattr_all_fs(dovecot_deliver_t)

 auth_use_nsswitch(dovecot_deliver_t)