From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 547311389E2 for ; Tue, 30 Dec 2014 20:47:01 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C0C09E0844; Tue, 30 Dec 2014 20:46:58 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6E08EE0844 for ; Tue, 30 Dec 2014 20:46:58 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 6318F340696 for ; Tue, 30 Dec 2014 20:46:57 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 0D87DE843 for ; Tue, 30 Dec 2014 20:46:56 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1419972332.a112724e4000453bd4b71d357b7eab790a44ac07.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/courier.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: a112724e4000453bd4b71d357b7eab790a44ac07 X-VCS-Branch: master Date: Tue, 30 Dec 2014 20:46:56 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 42bf96aa-10bd-4f09-9869-21589198ac90 X-Archives-Hash: c3d007469d4fdd13617680a69641a8b3 commit: a112724e4000453bd4b71d357b7eab790a44ac07 Author: Sven Vermeulen siphos be> AuthorDate: Tue Dec 30 20:45:32 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Tue Dec 30 20:45:32 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a112724e Use auth_use_pam in courier The auth_use_pam() method now includes the proper privileges to check the SELinux state. As courier is using PAM, this makes the policy easier to update (manageability) and the reason for the rules are then better documented. --- policy/modules/contrib/courier.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te index ba0545c..d59f878 100644 --- a/policy/modules/contrib/courier.te +++ b/policy/modules/contrib/courier.te @@ -217,5 +217,6 @@ ifdef(`distro_gentoo',` # # Grant authdaemon getattr rights on security_t so that it can check if SELinux is enabled (needed through pam support) (bug 534030) - selinux_getattr_fs(courier_authdaemon_t) + # selinux_getattr_fs(courier_authdaemon_t) + auth_use_pam(courier_authdaemon_t) ')