From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Tue, 30 Dec 2014 21:21:35 +0100 Subject: [refpolicy] [PATCH 2/6] Locate authdaemon socket and communicate with authdaemon In-Reply-To: <1419970899-19892-1-git-send-email-sven.vermeulen@siphos.be> References: <1419970899-19892-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1419970899-19892-3-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Without this, authentication fails. The following is shown in the logs: Dec 30 19:36:54 localhost imapd: Connection, ip=[::ffff:192.168.100.152] Dec 30 19:36:54 localhost imapd: authdaemon: s_connect() failed: Permission denied Dec 30 19:36:54 localhost imapd: LOGIN FAILED, user=root, ip=[::ffff:192.168.100.152] Dec 30 19:36:54 localhost imapd: authentication error: Permission denied Through logon, the daemon (courier_pop_t) wants to locate the socket in /var/lib/courier to initiate communication with the authdaemon. Signed-off-by: Sven Vermeulen --- courier.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/courier.te b/courier.te index 112a60b..c4ab936 100644 --- a/courier.te +++ b/courier.te @@ -137,6 +137,8 @@ allow courier_pop_t courier_tcpd_t:{ unix_stream_socket tcp_socket } rw_stream_s allow courier_pop_t courier_var_lib_t:file { read write }; +stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_run_t, courier_authdaemon_t) + domtrans_pattern(courier_pop_t, courier_authdaemon_exec_t, courier_authdaemon_t) miscfiles_read_localization(courier_pop_t) -- 2.0.5
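Review bot: the added stream_connect_pattern() line passes courier_var_lib_t as the directory type but courier_var_run_t as the socket file type, while the commit message only says the socket is located in /var/lib/courier. As written, a reader cannot tell whether the mixed types are intentional (a sock_file labelled courier_var_run_t inside a courier_var_lib_t directory) or a slip for courier_var_lib_t. Please state the socket's actual label in the commit message, ideally with the AVC denial that accompanied the quoted "s_connect() failed: Permission denied" log lines, so the sock_file write and the connectto to courier_authdaemon_t can be checked against what was actually denied. It would also help to mention that the imapd process in the log runs as courier_pop_t, since the rule is added to that domain and the log never names it.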