diff options
| author |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-12-31 17:09:58 +0100 |
|---|---|---|
| committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2015-01-02 18:18:14 +0100 |
| commit | 9afb261dcdc120ce6467c25d435310ffea31b64b (patch) | |
| tree | 02e34b0f898579bcf003dada5eb5664ac8f4b009 | |
| parent | Execute courier helper script after authentication (diff) | |
| download | hardened-refpolicy-9afb261dcdc120ce6467c25d435310ffea31b64b.tar.gz hardened-refpolicy-9afb261dcdc120ce6467c25d435310ffea31b64b.tar.bz2 hardened-refpolicy-9afb261dcdc120ce6467c25d435310ffea31b64b.zip | |
Courier IMAP needs to manage the users' maildir
Without these permissions, the logon immediately terminates and the
following shows up in the logs:
Dec 30 19:45:33 localhost imapd: Connection, ip=[::ffff:192.168.100.152]
Dec 30 19:45:33 localhost imapd: chdir .maildir: Permission denied
Dec 30 19:45:33 localhost imapd: root: Permission denied
The first denial (and many similar ones follow when granted):
type=AVC msg=audit(1419968733.163:197): avc: denied { search } for
pid=4292 comm="courier-imapd" name=".maildir" dev="vda3" ino=393221
scontext=system_u:system_r:courier_pop_t:s0
tcontext=root:object_r:mail_home_rw_t:s0 tclass=dir
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
| -rw-r--r-- | policy/modules/contrib/courier.te | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te index e3a3b84a7..4746644ec 100644 --- a/policy/modules/contrib/courier.te +++ b/policy/modules/contrib/courier.te @@ -148,8 +148,7 @@ corecmd_exec_shell(courier_pop_t) miscfiles_read_localization(courier_pop_t) -userdom_manage_user_home_content_files(courier_pop_t) -userdom_manage_user_home_content_dirs(courier_pop_t) +mta_manage_mail_home_rw_content(courier_pop_t) ######################################## # |