
dovecot: merge with 1.18.0 and bump minor version

Helmut Pozimski 7 lat temu
rodzic
commit
eeea104868
1 zmienionych plików z 11 dodań i 3 usunięć
  1. 11 3
      policy/modules/dovecot.te

+ 11 - 3
policy/modules/dovecot.te

@@ -1,4 +1,4 @@
-policy_module(dovecot, 1.17.8)
+policy_module(dovecot, 1.18.1)
 
 ########################################
 #
@@ -95,7 +95,7 @@ miscfiles_read_localization(dovecot_domain)
 # Local policy
 #
 
-allow dovecot_t self:capability { dac_override dac_read_search chown fsetid kill setgid setuid sys_chroot };
+allow dovecot_t self:capability { dac_override dac_read_search chown fsetid kill setgid setuid sys_chroot sys_resource };
 dontaudit dovecot_t self:capability sys_tty_config;
 allow dovecot_t self:process { setrlimit signal_perms getcap setcap setsched };
 allow dovecot_t self:tcp_socket { accept listen };
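Review bot: `sys_resource` is added to the `dovecot_t` capability set with no comment on what needs it. It is a broad capability (it lets a process exceed hard resource limits and quota or reserved-space restrictions), and it is granted to the domain that listens on TCP sockets. The unchanged line below already allows `self:process setrlimit`, so if the denial only comes from raising a hard rlimit at startup, record that next to the rule, e.g. `# sys_resource: raise hard rlimits at startup (confirm against the AVC denial)`. If the daemon works without it, `dontaudit dovecot_t self:capability sys_resource;` beside the existing `sys_tty_config` dontaudit would be the tighter choice.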
@@ -127,6 +127,8 @@ manage_dirs_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
 manage_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
 manage_lnk_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
 manage_sock_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
+allow dovecot_auth_t dovecot_var_run_t:file manage_file_perms;
+allow dovecot_auth_t dovecot_var_run_t:fifo_file write_fifo_file_perms;
 manage_fifo_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
 files_pid_filetrans(dovecot_t, dovecot_var_run_t, { dir file fifo_file })
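Review bot: The two added `dovecot_auth_t` rules sit in the middle of the `dovecot_t` runtime-file block instead of with the other `dovecot_auth_t` rules, which makes the auth domain's access easy to miss in an audit. A later hunk shows `manage_sock_files_pattern(dovecot_auth_t, dovecot_var_run_t, dovecot_var_run_t)` as context in the auth section, which would be the natural place for them. `manage_file_perms` also lets the auth domain create, rename and unlink every regular file labelled `dovecot_var_run_t`, the type the master daemon uses for its own runtime files. If the auth process only needs to read and write existing files, `allow dovecot_auth_t dovecot_var_run_t:file rw_file_perms;` would be narrower. It is worth confirming from the denials which permissions were actually requested before keeping the full manage set.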
 
@@ -139,6 +141,9 @@ allow dovecot_t dovecot_auth_t:process signal;
 
 domtrans_pattern(dovecot_t, dovecot_auth_exec_t, dovecot_auth_t)
 
+files_list_usr(dovecot_t)
+files_read_usr_files(dovecot_t)
+
 corenet_all_recvfrom_unlabeled(dovecot_t)
 corenet_all_recvfrom_netlabel(dovecot_t)
 corenet_tcp_sendrecv_generic_if(dovecot_t)
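Review bot: `files_list_usr(dovecot_t)` looks redundant next to `files_read_usr_files(dovecot_t)`. In the reference policy the read interface normally already grants list access on `usr_t` directories, so the first line could probably be dropped after checking the interface definition in this tree. A short comment naming what the daemon reads under /usr would make the grant easier to justify in a later audit.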
@@ -255,6 +260,9 @@ manage_sock_files_pattern(dovecot_auth_t, dovecot_var_run_t, dovecot_var_run_t)
 
 allow dovecot_auth_t dovecot_t:unix_stream_socket { connectto rw_stream_socket_perms };
 
+selinux_get_enforce_mode(dovecot_auth_t)
+selinux_get_fs_mount(dovecot_auth_t)
+
 files_search_pids(dovecot_auth_t)
 files_read_usr_files(dovecot_auth_t)
 files_read_var_lib_files(dovecot_auth_t)
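Review bot: The new `selinux_get_enforce_mode` and `selinux_get_fs_mount` grants for `dovecot_auth_t` carry no comment on what in the auth process queries SELinux state. The last hunk on the page has the same gap where it replaces `seutil_dontaudit_search_config` with `seutil_search_default_contexts` for this domain. Presumably the accesses come from an SELinux-aware library loaded by the auth process, but that is not visible here. A comment above the group such as `# auth backend queries SELinux state and default contexts (confirm which library triggers this)` would record the reason. The replacement turns a silenced denial into an allow and grants search only, so any follow-up denials on reading files under the contexts directory should be reviewed individually rather than allowed wholesale.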
@@ -266,7 +274,7 @@ init_rw_utmp(dovecot_auth_t)
 
 logging_send_audit_msgs(dovecot_auth_t)
 
-seutil_dontaudit_search_config(dovecot_auth_t)
+seutil_search_default_contexts(dovecot_auth_t)
 
 sysnet_use_ldap(dovecot_auth_t)