From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 04 May 2011 09:13:50 -0400 Subject: [refpolicy] [PATCH 03/15] Allow socket creation for imapd/pop3d communication In-Reply-To: <20110502202212.GA23472@siphos.be> References: <20110309210734.GA4670@siphos.be> <4D8899C1.1090702@tresys.com> <20110502202212.GA23472@siphos.be> Message-ID: <4DC1510E.7000300@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 05/02/11 16:22, Sven Vermeulen wrote: > On Tue, Mar 22, 2011 at 08:44:49AM -0400, Christopher J. PeBenito wrote: >>> +manage_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t) >> >> It sounds like this should be create_dirs_pattern instead. > > Indeed, create_dirs_pattern is sufficient here. Retry ;-) > > During startup, authdaemon creates /var/lib/courier/authdaemon and creates a > socket for communication with courier imapd and pop3d daemons. Merged. > Signed-off-by: Sven Vermeulen > --- > policy/modules/services/courier.te | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te > index 7e7444c..23ddb7d 100644 > --- a/policy/modules/services/courier.te > +++ b/policy/modules/services/courier.te > @@ -52,7 +52,9 @@ allow courier_authdaemon_t courier_tcpd_t:fd use; > allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms; > allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms; > > +create_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t) > manage_sock_files_pattern(courier_authdaemon_t, courier_spool_t, courier_spool_t) > +manage_sock_files_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t) > files_search_spool(courier_authdaemon_t) > > corecmd_search_bin(courier_authdaemon_t) -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
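Review bot: the second added line, manage_sock_files_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t), grants the full manage set on socket files, while the description only says authdaemon creates a socket at startup. The directory rule in the same hunk was already narrowed from manage_dirs_pattern to create_dirs_pattern, so it is worth checking whether the socket rule can be narrowed the same way, for example to create plus delete if the daemon only needs to remove a stale socket before binding. The new socket also shares courier_var_lib_t with the directory it lives in, so any domain later given write access to socket files of that type can reach the authdaemon socket; a dedicated socket type would keep that access separate. Nothing in the visible lines covers the imapd/pop3d side of the connection or how /var/lib/courier/authdaemon gets its label, so confirm that both are handled elsewhere in courier.te, and add a short comment above the two new rules naming the path they are for.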