author Sven Vermeulen <sven.vermeulen@siphos.be> 2014-12-30 21:45:32 +0100
committer Sven Vermeulen <sven.vermeulen@siphos.be> 2014-12-30 21:45:32 +0100
commit a112724e4000453bd4b71d357b7eab790a44ac07
tree d9f6b723353496c861e89df6136f8d98f9816dd5
parent Grant all PAM using applications read access to SELinux state
Use auth_use_pam in courier
The auth_use_pam() method now includes the proper privileges to check the SELinux state. As courier is using PAM, this makes the policy easier to update (manageability) and the reason for the rules is then better documented.
-rw-r--r-- policy/modules/contrib/courier.te 3
1 files changed, 2 insertions, 1 deletions
diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te
index ba0545cfe..d59f878c2 100644
--- a/policy/modules/contrib/courier.te
+++ b/policy/modules/contrib/courier.te
@@ -217,5 +217,6 @@ ifdef(`distro_gentoo',`
#
# Grant authdaemon getattr rights on security_t so that it can check if SELinux is enabled (needed through pam support) (bug 534030)
- selinux_getattr_fs(courier_authdaemon_t)
+ # selinux_getattr_fs(courier_authdaemon_t)
+ auth_use_pam(courier_authdaemon_t)
')
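Review bot: The old call is left behind as a commented-out line, "# selinux_getattr_fs(courier_authdaemon_t)", and the comment above it still describes a getattr grant on security_t, so the documentation no longer matches the active rule. Drop the commented-out line and reword the comment to say that courier_authdaemon_t uses PAM and that auth_use_pam() covers the SELinux state check, keeping the bug 534030 reference. Since the commit message says courier uses PAM in general, it is also worth confirming that the call belongs inside the distro_gentoo ifdef shown in the hunk header rather than in the unconditional part of the policy.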