From: aranea@aixah.de (Luis Ressel) Date: Sun, 17 Sep 2017 22:47:14 +0200 Subject: [refpolicy] [PATCH 1/3] postfix: Some table drivers (notably cdb) need to mmap() their databases In-Reply-To: References: <20170911031829.4163-1-aranea@aixah.de> Message-ID: <20170917224714.3eab21c5@vega.skynet.aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 17 Sep 2017 10:10:34 -0400 Chris PeBenito wrote: > On 09/10/2017 11:18 PM, Luis Ressel via refpolicy wrote: > > This change also grants exim (the other caller of the > > mta_read_aliases interface) to map the mail aliases, but that seems > > minor enough not to warrant the creation of a new interface. > > --- > > mta.if | 2 +- > > postfix.te | 4 ++-- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/mta.if b/mta.if > > index 2b99dd5..8565982 100644 > > --- a/mta.if > > +++ b/mta.if > > @@ -586,7 +586,7 @@ interface(`mta_read_aliases',` > > ') > > > > files_search_etc($1) > > - allow $1 etc_aliases_t:file read_file_perms; > > + allow $1 etc_aliases_t:file { read_file_perms map }; > > ') > > > > ######################################## > > Merged, the above. The below already came in from Jason Zaman. Umm, this wasn't supposed to be merged. I submitted a second revision of this patch based on your feedback, and you merged it last Tuesday (commit b17eacb). Please revert commit ac27e919; I'm sorry about the confusion. When I wrote earlier today that one of my postfix patches was still waiting to be merged, I was refering to "postfix: Silence cap_dac_read_search denials". Regards, Luis Ressel -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20170917/1d6b7304/attachment-0001.bin