diff options
author | 2014-12-31 17:09:54 +0100 | |
---|---|---|
committer | 2015-01-02 18:18:02 +0100 | |
commit | 75128b920489e378bc417e10db1af7ed7edb0742 (patch) | |
tree | 6f03de19181a006b39eac7db66330f53014a42b5 /policy | |
parent | Use auth_use_pam in courier (diff) | |
download | hardened-refpolicy-75128b920489e378bc417e10db1af7ed7edb0742.tar.gz hardened-refpolicy-75128b920489e378bc417e10db1af7ed7edb0742.tar.bz2 hardened-refpolicy-75128b920489e378bc417e10db1af7ed7edb0742.zip |
Locate authdaemon socket and communicate with authdaemon
Without this, authentication fails. The following is shown in the logs:
Dec 30 19:36:54 localhost imapd: Connection, ip=[::ffff:192.168.100.152]
Dec 30 19:36:54 localhost imapd: authdaemon: s_connect() failed: Permission denied
Dec 30 19:36:54 localhost imapd: LOGIN FAILED, user=root, ip=[::ffff:192.168.100.152]
Dec 30 19:36:54 localhost imapd: authentication error: Permission denied
Through logon, the daemon (courier_pop_t) wants to locate the socket in
/var/lib/courier to initiate communication with the authdaemon.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Diffstat (limited to 'policy')
-rw-r--r-- | policy/modules/contrib/courier.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te index d59f878c2..e2b0c0d5f 100644 --- a/policy/modules/contrib/courier.te +++ b/policy/modules/contrib/courier.te @@ -137,6 +137,8 @@ allow courier_pop_t courier_tcpd_t:{ unix_stream_socket tcp_socket } rw_stream_s allow courier_pop_t courier_var_lib_t:file { read write }; +stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_lib_t, courier_authdaemon_t) + domtrans_pattern(courier_pop_t, courier_authdaemon_exec_t, courier_authdaemon_t) miscfiles_read_localization(courier_pop_t) |