commit: d61a937aadcff678640a712430f84c5cb9cc7443
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Mar 25 11:57:11 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Jun 14 12:56:53 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d61a937a
Make postfix user content access optional
The postfix virtual domain does not always need full manage rights on
the users' home directories and content. We make these rights optional
through the postfix_{read,manage}_{generic,all}_user_content booleans.
Changes since v1:
- Move tunable definition inside template
Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be>
policy/modules/contrib/postfix.te | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/policy/modules/contrib/postfix.te
b/policy/modules/contrib/postfix.te
index 5463a21c..212d34d4 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -826,11 +826,7 @@ mta_delete_spool(postfix_virtual_t)
mta_read_config(postfix_virtual_t)
mta_manage_spool(postfix_virtual_t)
-userdom_manage_user_home_dirs(postfix_virtual_t)
-userdom_manage_user_home_content_dirs(postfix_virtual_t)
-userdom_manage_user_home_content_files(postfix_virtual_t)
-userdom_home_filetrans_user_home_dir(postfix_virtual_t)
-userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, { file
dir })
+userdom_user_content_access_template(postfix, postfix_virtual_t)
ifdef(`distro_gentoo',`
#####################################
