author | Christian Göttsche <cgzones@googlemail.com> | 2020-08-25 20:43:14 +0200 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2020-10-11 13:50:58 -0700 |
commit | c34d419982b267ebe02818a1e73d88f1d3c4456c (patch) | |
tree | 2ed9e562c33b20cf029e5d8b8bff8cd2934db382 | |
parent | acpi.te: Allow acpid_t to shutdown the system - this is required to handle sh... (diff) | |
postfixpolicyd: split multi-class rule
The rule uses the permission manage_file_perms on the classes file and
sock_file. This won't result in a change in the actual policy
generated, but if the definitions of macros are changed going forward,
the mismatches could cause issues.
Found by SELint
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r-- | policy/modules/services/postfixpolicyd.te | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/policy/modules/services/postfixpolicyd.te b/policy/modules/services/postfixpolicyd.te index ed40bd5d..4dff9fca 100644 --- a/policy/modules/services/postfixpolicyd.te +++ b/policy/modules/services/postfixpolicyd.te @@ -37,7 +37,8 @@ allow postfix_policyd_t postfix_policyd_conf_t:lnk_file read_lnk_file_perms; manage_files_pattern(postfix_policyd_t, postfix_policyd_runtime_t, postfix_policyd_runtime_t) files_runtime_filetrans(postfix_policyd_t, postfix_policyd_runtime_t, file) -allow postfix_policyd_t postfix_policyd_tmp_t:{ file sock_file } manage_file_perms; +allow postfix_policyd_t postfix_policyd_tmp_t:file manage_file_perms; +allow postfix_policyd_t postfix_policyd_tmp_t:sock_file manage_sock_file_perms; files_tmp_filetrans(postfix_policyd_t, postfix_policyd_tmp_t, { file sock_file }) kernel_search_network_sysctl(postfix_policyd_t) |
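Review bot: The added sock_file rule in the `@@ -37,7 +37,8 @@` hunk replaces `manage_file_perms` with `manage_sock_file_perms`, so the commit message's statement that the generated policy is unchanged holds only while both permission sets expand to the same permissions for the sock_file class. It would be worth noting in the message that this was confirmed, for example by comparing the `sesearch -A -s postfix_policyd_t -t postfix_policyd_tmp_t` output from a build before and after the change. The `{ file sock_file }` left in `files_tmp_filetrans` on the following context line is a class list for the type transition, not a permission set, so it does not need the same split.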