nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #608 from montjoie/dovecot

Browse Source 
dovecot: add missing permissions
This commit is contained in:
Chris PeBenito 2023-04-17 10:17:53 -04:00 committed by GitHub
commit 218c42f592
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
policy/modules/services/dovecot.te
View File

@ -124,8 +124,9 @@ create_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
setattr_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t) setattr_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
logging_log_filetrans(dovecot_t, dovecot_var_log_t, { file dir }) logging_log_filetrans(dovecot_t, dovecot_var_log_t, { file dir })
allow dovecot_t dovecot_spool_t:dir watch;
manage_dirs_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t) manage_dirs_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t) mmap_manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
manage_lnk_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t) manage_lnk_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
manage_dirs_pattern(dovecot_t, dovecot_runtime_t, dovecot_runtime_t) manage_dirs_pattern(dovecot_t, dovecot_runtime_t, dovecot_runtime_t)
@ -337,6 +338,8 @@ optional_policy(`
# Deliver local policy # Deliver local policy
# #
allow dovecot_deliver_t self:process signal;
allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms; allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;
append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t) append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
@ -355,6 +358,8 @@ can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
allow dovecot_deliver_t dovecot_t:process signull; allow dovecot_deliver_t dovecot_t:process signull;
allow dovecot_deliver_t dovecot_spool_t:file map;
fs_getattr_all_fs(dovecot_deliver_t) fs_getattr_all_fs(dovecot_deliver_t)
auth_use_nsswitch(dovecot_deliver_t) auth_use_nsswitch(dovecot_deliver_t)