diff options
| author |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2015-01-02 18:21:24 +0100 |
|---|---|---|
| committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2015-01-02 18:21:24 +0100 |
| commit | 3f0e0524d443adce4e2c4ce3d460e2d35dc12ec5 (patch) | |
| tree | 22d2e78861c3987fb3aed453d2c93c8bc16317d5 | |
| parent | Module version bump for courier fixes from Sven Vermeulen. (diff) | |
| download | hardened-refpolicy-3f0e0524d443adce4e2c4ce3d460e2d35dc12ec5.tar.gz hardened-refpolicy-3f0e0524d443adce4e2c4ce3d460e2d35dc12ec5.tar.bz2 hardened-refpolicy-3f0e0524d443adce4e2c4ce3d460e2d35dc12ec5.zip | |
Merge with upstream done, remove gentoo specifics
| -rw-r--r-- | policy/modules/contrib/courier.fc | 5 | ||||
| -rw-r--r-- | policy/modules/contrib/courier.if | 38 | ||||
| -rw-r--r-- | policy/modules/contrib/courier.te | 19 |
3 files changed, 1 insertions, 61 deletions
diff --git a/policy/modules/contrib/courier.fc b/policy/modules/contrib/courier.fc index c0f288be..2f017a07 100644 --- a/policy/modules/contrib/courier.fc +++ b/policy/modules/contrib/courier.fc @@ -30,8 +30,3 @@ /var/spool/authdaemon(/.*)? gen_context(system_u:object_r:courier_spool_t,s0) /var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0) - -ifdef(`distro_gentoo',` -# Default location for authdaemon socket, should be /var/run imo but meh -/var/lib/courier/authdaemon(/.*)? gen_context(system_u:object_r:courier_var_run_t,s0) -') diff --git a/policy/modules/contrib/courier.if b/policy/modules/contrib/courier.if index 0705659e..10f820fc 100644 --- a/policy/modules/contrib/courier.if +++ b/policy/modules/contrib/courier.if @@ -188,41 +188,3 @@ interface(`courier_rw_spool_pipes',` files_search_var($1) allow $1 courier_spool_t:fifo_file rw_fifo_file_perms; ') - -######################################## -## <summary> -## Allow read/write operations on an inherited stream socket -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`courier_authdaemon_rw_inherited_stream_sockets',` - gen_require(` - type courier_authdaemon_t; - ') - allow $1 courier_authdaemon_t:unix_stream_socket { read write }; -') - - -######################################## -## <summary> -## Connect to Authdaemon using a unix domain stream socket. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`courier_authdaemon_stream_connect',` - gen_require(` - type courier_authdaemon_t, courier_var_run_t; - ') - - stream_connect_pattern($1, courier_var_run_t, courier_var_run_t, courier_authdaemon_t) -') diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te index 2171e043..dd23992a 100644 --- a/policy/modules/contrib/courier.te +++ b/policy/modules/contrib/courier.te @@ -194,23 +194,6 @@ optional_policy(` ifdef(`distro_gentoo',` ######################################## # - # Courier imap/pop daemon policy - # - - # Switch after succesfull authentication (bug 534030) - allow courier_pop_t self:capability { setuid setgid }; - - # Executes script /usr/lib64/courier-imap/courier-imapd.indirect after authentication and to start user session (bug 534030) - corecmd_exec_shell(courier_pop_t) - - # Locate authdaemon socket and communicate with authdaemon (bug 534030) - stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_run_t, courier_authdaemon_t) - - # Manage maildir of users (bug 534030) - mta_manage_mail_home_rw_content(courier_pop_t) - - ######################################## - # # Courier tcpd daemon policy # @@ -223,6 +206,6 @@ ifdef(`distro_gentoo',` # # Grant authdaemon getattr rights on security_t so that it can check if SELinux is enabled (needed through pam support) (bug 534030) - # selinux_getattr_fs(courier_authdaemon_t) + # Handled through pam use auth_use_pam(courier_authdaemon_t) ') |