dovecot: allow dovecot-auth to read SASL keytab

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
author: Kenton Groombridge <concord@gentoo.org> 2024-05-06 15:59:55 -0400
committer: Kenton Groombridge <concord@gentoo.org> 2024-05-14 13:41:35 -0400
commit: 304a909724d2e15445449257a45563751eb88a7c (patch)
tree: 777463c7d4d5dc1d70d517c0e29fe83e6fbf4862 /policy/modules/services/dovecot.te
parent: fail2ban: allow reading net sysctls (diff)
download: hardened-refpolicy-304a909724d2e15445449257a45563751eb88a7c.tar.gz
hardened-refpolicy-304a909724d2e15445449257a45563751eb88a7c.tar.bz2
hardened-refpolicy-304a909724d2e15445449257a45563751eb88a7c.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
index 11ffbb177..937219831 100644
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@@ -322,6 +322,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	sasl_read_keytab(dovecot_auth_t)
+')
+
+optional_policy(`
         postgresql_unpriv_client(dovecot_auth_t)
 
         tunable_policy(`dovecot_can_connect_db',`
author	Kenton Groombridge <concord@gentoo.org>	2024-05-06 15:59:55 -0400
committer	Kenton Groombridge <concord@gentoo.org>	2024-05-14 13:41:35 -0400
commit	304a909724d2e15445449257a45563751eb88a7c (patch)
tree	777463c7d4d5dc1d70d517c0e29fe83e6fbf4862 /policy/modules/services/dovecot.te
parent	fail2ban: allow reading net sysctls (diff)
download	hardened-refpolicy-304a909724d2e15445449257a45563751eb88a7c.tar.gz hardened-refpolicy-304a909724d2e15445449257a45563751eb88a7c.tar.bz2 hardened-refpolicy-304a909724d2e15445449257a45563751eb88a7c.zip