[refpolicy] [PATCH 03/15] Allow socket creation for imapd/pop3d communication

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] [PATCH 03/15] Allow socket creation for imapd/pop3d communication
@ 2011-03-09 21:07 Sven Vermeulen
  2011-03-22 12:44 ` Christopher J. PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: Sven Vermeulen @ 2011-03-09 21:07 UTC (permalink / raw)
  To: refpolicy

During startup, authdaemon creates /var/lib/courier/authdaemon and creates 
a socket for communication with courier imapd and pop3d daemons

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/services/courier.te |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index 55d64bc..877bab8 100644
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@@ -52,7 +52,9 @@ allow courier_authdaemon_t courier_tcpd_t:fd use;
 allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms;
 
+manage_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
 manage_sock_files_pattern(courier_authdaemon_t, courier_spool_t, courier_spool_t)
+manage_sock_files_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
 files_search_spool(courier_authdaemon_t)
 
 corecmd_search_bin(courier_authdaemon_t)
-- 
1.7.3.4

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [refpolicy] [PATCH 03/15] Allow socket creation for imapd/pop3d communication
  2011-03-09 21:07 [refpolicy] [PATCH 03/15] Allow socket creation for imapd/pop3d communication Sven Vermeulen
@ 2011-03-22 12:44 ` Christopher J. PeBenito
  2011-05-02 20:22   ` Sven Vermeulen
  0 siblings, 1 reply; 4+ messages in thread
From: Christopher J. PeBenito @ 2011-03-22 12:44 UTC (permalink / raw)
  To: refpolicy

On 03/09/11 16:07, Sven Vermeulen wrote:
> During startup, authdaemon creates /var/lib/courier/authdaemon and creates 
> a socket for communication with courier imapd and pop3d daemons
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/services/courier.te |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
> index 55d64bc..877bab8 100644
> --- a/policy/modules/services/courier.te
> +++ b/policy/modules/services/courier.te
> @@ -52,7 +52,9 @@ allow courier_authdaemon_t courier_tcpd_t:fd use;
>  allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
>  allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms;
>  
> +manage_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)

It sounds like this should be create_dirs_pattern instead.

>  manage_sock_files_pattern(courier_authdaemon_t, courier_spool_t, courier_spool_t)
> +manage_sock_files_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
>  files_search_spool(courier_authdaemon_t)
>  
>  corecmd_search_bin(courier_authdaemon_t)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [refpolicy] [PATCH 03/15] Allow socket creation for imapd/pop3d communication
  2011-03-22 12:44 ` Christopher J. PeBenito
@ 2011-05-02 20:22   ` Sven Vermeulen
  2011-05-04 13:13     ` Christopher J. PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: Sven Vermeulen @ 2011-05-02 20:22 UTC (permalink / raw)
  To: refpolicy

On Tue, Mar 22, 2011 at 08:44:49AM -0400, Christopher J. PeBenito wrote:
> > +manage_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
> 
> It sounds like this should be create_dirs_pattern instead.

Indeed, create_dirs_pattern is sufficient here. Retry ;-)

During startup, authdaemon creates /var/lib/courier/authdaemon and creates a
socket for communication with courier imapd and pop3d daemons.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/services/courier.te |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index 7e7444c..23ddb7d 100644
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@@ -52,7 +52,9 @@ allow courier_authdaemon_t courier_tcpd_t:fd use;
 allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
 allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms;
 
+create_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
 manage_sock_files_pattern(courier_authdaemon_t, courier_spool_t, courier_spool_t)
+manage_sock_files_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
 files_search_spool(courier_authdaemon_t)
 
 corecmd_search_bin(courier_authdaemon_t)
-- 
1.7.3.4

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [refpolicy] [PATCH 03/15] Allow socket creation for imapd/pop3d communication
  2011-05-02 20:22   ` Sven Vermeulen
@ 2011-05-04 13:13     ` Christopher J. PeBenito
  0 siblings, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2011-05-04 13:13 UTC (permalink / raw)
  To: refpolicy

On 05/02/11 16:22, Sven Vermeulen wrote:
> On Tue, Mar 22, 2011 at 08:44:49AM -0400, Christopher J. PeBenito wrote:
>>> +manage_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
>>
>> It sounds like this should be create_dirs_pattern instead.
> 
> Indeed, create_dirs_pattern is sufficient here. Retry ;-)
> 
> During startup, authdaemon creates /var/lib/courier/authdaemon and creates a
> socket for communication with courier imapd and pop3d daemons.

Merged.

> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/services/courier.te |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
> index 7e7444c..23ddb7d 100644
> --- a/policy/modules/services/courier.te
> +++ b/policy/modules/services/courier.te
> @@ -52,7 +52,9 @@ allow courier_authdaemon_t courier_tcpd_t:fd use;
>  allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_perms;
>  allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms;
>  
> +create_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
>  manage_sock_files_pattern(courier_authdaemon_t, courier_spool_t, courier_spool_t)
> +manage_sock_files_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
>  files_search_spool(courier_authdaemon_t)
>  
>  corecmd_search_bin(courier_authdaemon_t)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2011-05-04 13:13 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-03-09 21:07 [refpolicy] [PATCH 03/15] Allow socket creation for imapd/pop3d communication Sven Vermeulen
2011-03-22 12:44 ` Christopher J. PeBenito
2011-05-02 20:22   ` Sven Vermeulen
2011-05-04 13:13     ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.