dovecot: add missing permissions

I use dovecot for IMAP hosting and several rules are missing. Signed-off-by: Corentin LABBE <clabbe.montjoie@gmail.com>
2023-03-21 12:43:53 +01:00 · 2023-03-21 12:43:53 +01:00 · ac6b47c71d
commit ac6b47c71d
parent 8e8f5e3ca3
1 changed files with 6 additions and 1 deletions
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@ -124,8 +124,9 @@ create_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
 setattr_files_pattern(dovecot_t, dovecot_var_log_t, dovecot_var_log_t)
 logging_log_filetrans(dovecot_t, dovecot_var_log_t, { file dir })

+allow dovecot_t dovecot_spool_t:dir watch;
 manage_dirs_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
-manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
+mmap_manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
 manage_lnk_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)

 manage_dirs_pattern(dovecot_t, dovecot_runtime_t, dovecot_runtime_t)
@ -337,6 +338,8 @@ optional_policy(`
 # Deliver local policy
 #

+allow dovecot_deliver_t self:process signal;
+
 allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;

 append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
@ -355,6 +358,8 @@ can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)

 allow dovecot_deliver_t dovecot_t:process signull;

+allow dovecot_deliver_t dovecot_spool_t:file map;
+
 fs_getattr_all_fs(dovecot_deliver_t)

 auth_use_nsswitch(dovecot_deliver_t)