commit: 75128b920489e378bc417e10db1af7ed7edb0742
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Dec 31 16:09:54 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Jan 2 17:18:02 2015 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=75128b92
Locate authdaemon socket and communicate with authdaemon
Without this, authentication fails. The following is shown in the logs:
Dec 30 19:36:54 localhost imapd: Connection, ip=[::ffff:192.168.100.152]
Dec 30 19:36:54 localhost imapd: authdaemon: s_connect() failed: Permission
denied
Dec 30 19:36:54 localhost imapd: LOGIN FAILED, user=root,
ip=[::ffff:192.168.100.152]
Dec 30 19:36:54 localhost imapd: authentication error: Permission denied
Through logon, the daemon (courier_pop_t) wants to locate the socket in
/var/lib/courier to initiate communication with the authdaemon.
Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be>
---
policy/modules/contrib/courier.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/contrib/courier.te
b/policy/modules/contrib/courier.te
index d59f878..e2b0c0d 100644
--- a/policy/modules/contrib/courier.te
+++ b/policy/modules/contrib/courier.te
@@ -137,6 +137,8 @@ allow courier_pop_t courier_tcpd_t:{ unix_stream_socket
tcp_socket } rw_stream_s
allow courier_pop_t courier_var_lib_t:file { read write };
+stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t,
courier_authdaemon_t)
+
domtrans_pattern(courier_pop_t, courier_authdaemon_exec_t,
courier_authdaemon_t)
miscfiles_read_localization(courier_pop_t)
