1 |
commit: c604f614aeae6674059c83c4e1d574a1c115e7df |
2 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
3 |
AuthorDate: Mon Sep 1 20:07:38 2014 +0000 |
4 |
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com> |
5 |
CommitDate: Mon Sep 1 20:07:38 2014 +0000 |
6 |
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c604f614 |
7 |
|
8 |
After succesful authentication, the courier_pop_t session uses setuid/setgid to switch to the proper user credentials to access the user mailbox |
9 |
|
10 |
--- |
11 |
policy/modules/contrib/courier.te | 4 ++++ |
12 |
1 file changed, 4 insertions(+) |
13 |
|
14 |
diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te |
15 |
index 4fdfade..58faaf7 100644 |
16 |
--- a/policy/modules/contrib/courier.te |
17 |
+++ b/policy/modules/contrib/courier.te |
18 |
@@ -201,6 +201,10 @@ ifdef(`distro_gentoo',` |
19 |
# |
20 |
# Courier imap/pop daemon policy |
21 |
# |
22 |
+ |
23 |
+ # Switch after succesfull authentication |
24 |
+ allow courier_pop_t self:capability { setuid setgid }; |
25 |
+ |
26 |
files_search_var_lib(courier_pop_t) |
27 |
search_dirs_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t) |
28 |
read_lnk_files_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t) |