dovecot: add missing permissions

I use dovecot for IMAP hosting and several rules are missing.

Signed-off-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Corentin LABBE 2023-03-21 12:43:53 +01:00
parent 8e8f5e3ca3
commit ac6b47c71d


@ -124,8 +124,9 @@ create_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
setattr_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
logging_log_filetrans(dovecot_t, dovecot_var_log_t, { file dir })
allow dovecot_t dovecot_spool_t:dir watch;
manage_dirs_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
mmap_manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
manage_lnk_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
manage_dirs_pattern(dovecot_t, dovecot_runtime_t, dovecot_runtime_t)
@ -337,6 +338,8 @@ optional_policy(`
# Deliver local policy
#
allow dovecot_deliver_t self:process signal;
allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;
append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
@ -355,6 +358,8 @@ can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
allow dovecot_deliver_t dovecot_t:process signull;
allow dovecot_deliver_t dovecot_spool_t:file map;
fs_getattr_all_fs(dovecot_deliver_t)
auth_use_nsswitch(dovecot_deliver_t)
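Review bot: The raw allow rules for the deliver domain (`allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;`, `allow dovecot_deliver_t dovecot_t:process signull;`, `allow dovecot_deliver_t dovecot_spool_t:file map;`) have no comment saying which operation was denied, and the commit message only says that rules were missing. The +/- markers are lost on this page, so which of these lines are new is inferred from the hunk headers. Each rule widens what a confined domain may do, so a one-line comment above each would let a later reviewer judge whether the grant is still needed, for example `# <operation that needs this>; AVC: <denial from audit.log>`. The need is least obvious for the certificate directory search by the delivery agent, so that rule is the one most worth tying to an observed denial. As a style point, `dovecot_t` gets map access to `dovecot_spool_t` through `mmap_manage_files_pattern` while the deliver domain uses a bare `file map` rule; if deliver already manages spool files elsewhere in the file, the pattern form would be more consistent.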