Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSven Vermeulen <sven.vermeulen@siphos.be>2018-03-25 13:57:11 +0200
committerJason Zaman <jason@perfinion.com>2018-06-14 20:56:53 +0800
commitd61a937aadcff678640a712430f84c5cb9cc7443 (patch)
tree1e3efcdacc41d72a9144f9708d9bd281c4f3679d
parentMake openoffice user content access optional (diff)
downloadhardened-refpolicy-d61a937aadcff678640a712430f84c5cb9cc7443.tar.gz
hardened-refpolicy-d61a937aadcff678640a712430f84c5cb9cc7443.tar.bz2
hardened-refpolicy-d61a937aadcff678640a712430f84c5cb9cc7443.zip
Make postfix user content access optional
The postfix virtual domain does not always need full manage rights on the users' home directories and content. We make these rights optional through the postfix_{read,manage}_{generic,all}_user_content booleans. Changes since v1: - Move tunable definition inside template Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Diffstat
-rw-r--r--policy/modules/contrib/postfix.te6
1 files changed, 1 insertions, 5 deletions
diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
index 5463a21c..212d34d4 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -826,11 +826,7 @@ mta_delete_spool(postfix_virtual_t)
mta_read_config(postfix_virtual_t)
mta_manage_spool(postfix_virtual_t)
-userdom_manage_user_home_dirs(postfix_virtual_t)
-userdom_manage_user_home_content_dirs(postfix_virtual_t)
-userdom_manage_user_home_content_files(postfix_virtual_t)
-userdom_home_filetrans_user_home_dir(postfix_virtual_t)
-userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, { file dir })
+userdom_user_content_access_template(postfix, postfix_virtual_t)
ifdef(`distro_gentoo',`
#####################################