diff options
author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-12-30 21:45:32 +0100 |
---|---|---|
committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-12-30 21:45:32 +0100 |
commit | a112724e4000453bd4b71d357b7eab790a44ac07 (patch) | |
tree | d9f6b723353496c861e89df6136f8d98f9816dd5 | |
parent | Grant all PAM using applications read access to SELinux state (diff) | |
download | hardened-refpolicy-a112724e4000453bd4b71d357b7eab790a44ac07.tar.gz hardened-refpolicy-a112724e4000453bd4b71d357b7eab790a44ac07.tar.bz2 hardened-refpolicy-a112724e4000453bd4b71d357b7eab790a44ac07.zip |
Use auth_use_pam in courier
The auth_use_pam() method now includes the proper privileges to check
the SELinux state. As courier is using PAM, this makes the policy easier
to update (manageability) and the reason for the rules are then better
documented.
-rw-r--r-- | policy/modules/contrib/courier.te | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te index ba0545cfe..d59f878c2 100644 --- a/policy/modules/contrib/courier.te +++ b/policy/modules/contrib/courier.te @@ -217,5 +217,6 @@ ifdef(`distro_gentoo',` # # Grant authdaemon getattr rights on security_t so that it can check if SELinux is enabled (needed through pam support) (bug 534030) - selinux_getattr_fs(courier_authdaemon_t) + # selinux_getattr_fs(courier_authdaemon_t) + auth_use_pam(courier_authdaemon_t) ') |