Gentoo Archives: gentoo-commits

From: Jason Zaman <gentoo@×××××××××.com>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/contrib/
Date: Mon, 01 Sep 2014 21:45:17
Message-Id: 1409602058.c604f614aeae6674059c83c4e1d574a1c115e7df.perfinion@gentoo
1 commit: c604f614aeae6674059c83c4e1d574a1c115e7df
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Mon Sep 1 20:07:38 2014 +0000
4 Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
5 CommitDate: Mon Sep 1 20:07:38 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c604f614
7
8 After successful authentication, the courier_pop_t session uses setuid/setgid to switch to the proper user credentials to access the user mailbox
9
10 ---
11 policy/modules/contrib/courier.te | 4 ++++
12 1 file changed, 4 insertions(+)
13
14 diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te
15 index 4fdfade..58faaf7 100644
16 --- a/policy/modules/contrib/courier.te
17 +++ b/policy/modules/contrib/courier.te
18 @@ -201,6 +201,10 @@ ifdef(`distro_gentoo',`
19 #
20 # Courier imap/pop daemon policy
21 #
22 +
23 + # Switch after succesfull authentication
24 + allow courier_pop_t self:capability { setuid setgid };
25 +
26 files_search_var_lib(courier_pop_t)
27 search_dirs_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t)
28 read_lnk_files_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t)
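
Review bot: the new `allow courier_pop_t self:capability { setuid setgid };` rule lands inside the `ifdef(`distro_gentoo',` block shown in the hunk header, while the commit message describes the credential switch as general courier_pop_t behaviour after authentication. If that behaviour is not Gentoo-specific, the rule belongs in the main courier_pop_t section so it can go upstream; if it is Gentoo-specific, the comment should say why. The added comment also misspells "successful" as "succesfull" and does not say what is switched. Something like "# Switch to the mailbox owner's uid/gid after successful authentication" would make the reason for granting these two capabilities clear to the next person auditing the domain.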