From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 22 Mar 2011 08:44:49 -0400
Subject: [refpolicy] [PATCH 03/15] Allow socket creation for imapd/pop3d
 communication
In-Reply-To: <20110309210734.GA4670@siphos.be>
References: <20110309210734.GA4670@siphos.be>
Message-ID: <4D8899C1.1090702@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/09/11 16:07, Sven Vermeulen wrote:
> During startup, authdaemon creates /var/lib/courier/authdaemon and creates 
> a socket for communication with courier imapd and pop3d daemons
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/services/courier.te |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
> index 55d64bc..877bab8 100644
> --- a/policy/modules/services/courier.te
> +++ b/policy/modules/services/courier.te
> @@ -52,7 +52,9 @@ allow courier_authdaemon_t courier_tcpd_t:fd use;
>  allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
>  allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms;
>  
> +manage_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)

It sounds like this should be create_dirs_pattern instead.

>  manage_sock_files_pattern(courier_authdaemon_t, courier_spool_t, courier_spool_t)
> +manage_sock_files_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
>  files_search_spool(courier_authdaemon_t)
>  
>  corecmd_search_bin(courier_authdaemon_t)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com