commit: a112724e4000453bd4b71d357b7eab790a44ac07
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Dec 30 20:45:32 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Tue Dec 30 20:45:32 2014 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a112724e
Use auth_use_pam in courier
The auth_use_pam() method now includes the proper privileges to check
the SELinux state. As courier is using PAM, this makes the policy easier
to update (manageability) and the reason for the rules are then better
documented.
---
policy/modules/contrib/courier.te | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/courier.te
b/policy/modules/contrib/courier.te
index ba0545c..d59f878 100644
--- a/policy/modules/contrib/courier.te
+++ b/policy/modules/contrib/courier.te
@@ -217,5 +217,6 @@ ifdef(`distro_gentoo',`
#
# Grant authdaemon getattr rights on security_t so that it can check if
SELinux is enabled (needed through pam support) (bug 534030)
- selinux_getattr_fs(courier_authdaemon_t)
+ # selinux_getattr_fs(courier_authdaemon_t)
+ auth_use_pam(courier_authdaemon_t)
')
