From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 586AF138334 for ; Sun, 24 Jun 2018 08:46:50 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2BAC6E0967; Sun, 24 Jun 2018 08:46:47 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 00C7CE0967 for ; Sun, 24 Jun 2018 08:46:46 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id DFA13335CA5 for ; Sun, 24 Jun 2018 08:46:45 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id AD87E300 for ; Sun, 24 Jun 2018 08:46:43 +0000 (UTC) From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1528981013.d61a937aadcff678640a712430f84c5cb9cc7443.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/postfix.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: d61a937aadcff678640a712430f84c5cb9cc7443 X-VCS-Branch: master Date: Sun, 24 Jun 2018 08:46:43 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 7228c18d-e010-499b-a923-216e316a36fb X-Archives-Hash: d740e1c9bdc50840577a648ad5f6c5c1 commit: d61a937aadcff678640a712430f84c5cb9cc7443 Author: Sven Vermeulen siphos be> AuthorDate: Sun Mar 25 11:57:11 2018 +0000 Commit: Jason Zaman gentoo org> CommitDate: Thu Jun 14 12:56:53 2018 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d61a937a Make postfix user content access optional The postfix virtual domain does not always need full manage rights on the users' home directories and content. We make these rights optional through the postfix_{read,manage}_{generic,all}_user_content booleans. Changes since v1: - Move tunable definition inside template Signed-off-by: Sven Vermeulen siphos.be> policy/modules/contrib/postfix.te | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te index 5463a21c..212d34d4 100644 --- a/policy/modules/contrib/postfix.te +++ b/policy/modules/contrib/postfix.te @@ -826,11 +826,7 @@ mta_delete_spool(postfix_virtual_t) mta_read_config(postfix_virtual_t) mta_manage_spool(postfix_virtual_t) -userdom_manage_user_home_dirs(postfix_virtual_t) -userdom_manage_user_home_content_dirs(postfix_virtual_t) -userdom_manage_user_home_content_files(postfix_virtual_t) -userdom_home_filetrans_user_home_dir(postfix_virtual_t) -userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, { file dir }) +userdom_user_content_access_template(postfix, postfix_virtual_t) ifdef(`distro_gentoo',` #####################################