diff options
author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2018-03-25 13:57:11 +0200 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2018-06-14 20:56:53 +0800 |
commit | d61a937aadcff678640a712430f84c5cb9cc7443 (patch) | |
tree | 1e3efcdacc41d72a9144f9708d9bd281c4f3679d | |
parent | Make openoffice user content access optional (diff) | |
download | hardened-refpolicy-d61a937aadcff678640a712430f84c5cb9cc7443.tar.gz hardened-refpolicy-d61a937aadcff678640a712430f84c5cb9cc7443.tar.bz2 hardened-refpolicy-d61a937aadcff678640a712430f84c5cb9cc7443.zip |
Make postfix user content access optional
The postfix virtual domain does not always need full manage rights on
the users' home directories and content. We make these rights optional
through the postfix_{read,manage}_{generic,all}_user_content booleans.
Changes since v1:
- Move tunable definition inside template
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
-rw-r--r-- | policy/modules/contrib/postfix.te | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te index 5463a21c..212d34d4 100644 --- a/policy/modules/contrib/postfix.te +++ b/policy/modules/contrib/postfix.te @@ -826,11 +826,7 @@ mta_delete_spool(postfix_virtual_t) mta_read_config(postfix_virtual_t) mta_manage_spool(postfix_virtual_t) -userdom_manage_user_home_dirs(postfix_virtual_t) -userdom_manage_user_home_content_dirs(postfix_virtual_t) -userdom_manage_user_home_content_files(postfix_virtual_t) -userdom_home_filetrans_user_home_dir(postfix_virtual_t) -userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, { file dir }) +userdom_user_content_access_template(postfix, postfix_virtual_t) ifdef(`distro_gentoo',` ##################################### |