Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Mon, 01 Sep 2014 20:11:31
Message-Id: 1409602058.c604f614aeae6674059c83c4e1d574a1c115e7df.swift@gentoo
1 commit: c604f614aeae6674059c83c4e1d574a1c115e7df
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Mon Sep 1 20:07:38 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Mon Sep 1 20:07:38 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c604f614
7
8 After successful authentication, the courier_pop_t session uses setuid/setgid to switch to the proper user credentials to access the user mailbox
9
10 ---
11 policy/modules/contrib/courier.te | 4 ++++
12 1 file changed, 4 insertions(+)
13
14 diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te
15 index 4fdfade..58faaf7 100644
16 --- a/policy/modules/contrib/courier.te
17 +++ b/policy/modules/contrib/courier.te
18 @@ -201,6 +201,10 @@ ifdef(`distro_gentoo',`
19 #
20 # Courier imap/pop daemon policy
21 #
22 +
23 + # Switch after succesfull authentication
24 + allow courier_pop_t self:capability { setuid setgid };
25 +
26 files_search_var_lib(courier_pop_t)
27 search_dirs_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t)
28 read_lnk_files_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t)
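
Review bot: The comment on the added allow rule ("Switch after succesfull authentication") does not say what is being switched or why, and it misspells "successful". The commit message carries the actual rationale (courier_pop_t changes to the user's credentials to reach the mailbox), so the comment should state that, since setuid and setgid are capabilities an auditor will want justified where they are granted. Note also that the rule holds for the domain's whole lifetime, not only after authentication, so the wording should not suggest otherwise. The hunk header places the addition under ifdef(`distro_gentoo', so the rule will apply to Gentoo builds only; if the credential switch is not specific to Gentoo, it is worth proposing the rule for the unconditional part of courier.te.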