From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 9 Mar 2011 22:06:21 +0100
Subject: [refpolicy] [PATCH 02/15] Allow authdaemon to create
	unix_stream_sockets
Message-ID: <20110309210621.GA4666@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The authdaemon needs the create_stream_socket_perms privs in order to be able to start up.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/services/courier.te |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index 2802dbb..55d64bc 100644
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@@ -37,7 +37,7 @@ typealias courier_sqwebmail_exec_t alias sqwebmail_cron_exec_t;
 #
 
 allow courier_authdaemon_t self:capability { setuid setgid sys_tty_config };
-allow courier_authdaemon_t self:unix_stream_socket connectto;
+allow courier_authdaemon_t self:unix_stream_socket { create_stream_socket_perms connectto };
 
 can_exec(courier_authdaemon_t, courier_exec_t)
 
-- 
1.7.3.4