[selinux-policy: 2905/3172] Allow dovecot-deliver to create tmp files Allow tor to send signals to itself

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:18:38 UTC 2010


commit 3a3212619a76ab784116867db400a80cd0cbaaba
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Mon Sep 13 13:12:24 2010 +0200

    Allow dovecot-deliver to create tmp files
    Allow tor to send signals to itself

 policy/modules/services/dovecot.te |    7 +++++++
 policy/modules/services/tor.te     |    2 ++
 2 files changed, 9 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
index b52545a..64bc566 100644
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@@ -26,6 +26,9 @@ domain_type(dovecot_deliver_t)
 domain_entry_file(dovecot_deliver_t, dovecot_deliver_exec_t)
 role system_r types dovecot_deliver_t;
 
+type dovecot_deliver_tmp_t;
+files_tmp_file(dovecot_deliver_tmp_t)
+
 type dovecot_etc_t;
 files_config_file(dovecot_etc_t)
 
@@ -268,6 +271,10 @@ allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;
 
 append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
 
+manage_dirs_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
+manage_files_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
+files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, { file dir })
+
 can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
 
 kernel_read_all_sysctls(dovecot_deliver_t)
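Review bot: The commit message speaks only of tmp files, but `manage_dirs_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)` and the `{ file dir }` class set in `files_tmp_filetrans` also let dovecot_deliver_t create and fully manage directories in the tmp directory. If the denial behind this change involved only regular files, dropping the `manage_dirs_pattern` line and using `files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, file)` would keep the domain closer to least privilege. Otherwise the commit message should say that directories are needed. A one-line comment above the three rules describing the denial that triggered them would help later policy audits. The dovecot_deliver_t rule block starts and ends outside this hunk.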
diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te
index 81e8d3c..0a0074c 100644
--- a/policy/modules/services/tor.te
+++ b/policy/modules/services/tor.te
@@ -42,6 +42,8 @@ files_pid_file(tor_var_run_t)
 #
 
 allow tor_t self:capability { setgid setuid sys_tty_config };
+allow tor_t self:process signal;
+
 allow tor_t self:fifo_file rw_fifo_file_perms;
 allow tor_t self:unix_stream_socket create_stream_socket_perms;
 allow tor_t self:netlink_route_socket r_netlink_socket_perms;
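Review bot: The blank line added after `allow tor_t self:process signal;` splits the run of `allow tor_t self:...` rules, which the surrounding lines keep contiguous; I would drop it so the self rules stay in one block. The grant itself is narrow (`signal` only, without `sigkill` or `signull`), which fits a daemon signalling its own processes. Since the commit gives no denial or bug reference, a short comment such as `# tor sends signals to its own processes` above the rule would record the intent. The local-policy section continues outside this hunk.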

