Chris PeBenito 31b7c0
#DESC cyrus-imapd
Chris PeBenito 31b7c0
#
Chris PeBenito 31b7c0
# Authors:  Dan Walsh <dwalsh@redhat.com>
Chris PeBenito 31b7c0
#
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
# cyrusd_exec_t is the type of the cyrusd executable.
Chris PeBenito 31b7c0
# cyrusd_key_t is the type of the cyrus private key files
Chris PeBenito 31b7c0
daemon_domain(cyrus)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
general_domain_access(cyrus_t)
Chris PeBenito 31b7c0
file_type_auto_trans(cyrus_t, var_run_t, cyrus_var_run_t, sock_file)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
type cyrus_var_lib_t, file_type, sysadmfile;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
allow cyrus_t self:capability { dac_override net_bind_service setgid setuid sys_resource };
Chris PeBenito 31b7c0
allow cyrus_t self:process setrlimit;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
can_network(cyrus_t)
Chris PeBenito 31b7c0
allow cyrus_t port_type:tcp_socket name_connect;
Chris PeBenito 31b7c0
can_ypbind(cyrus_t)
Chris PeBenito 31b7c0
can_exec(cyrus_t, bin_t)
Chris PeBenito 31b7c0
allow cyrus_t cyrus_var_lib_t:dir create_dir_perms;
Chris PeBenito 31b7c0
allow cyrus_t cyrus_var_lib_t:{file sock_file lnk_file} create_file_perms;
Chris PeBenito 31b7c0
allow cyrus_t etc_t:file { getattr read };
Chris PeBenito 31b7c0
allow cyrus_t lib_t:file { execute execute_no_trans getattr read };
Chris PeBenito 31b7c0
read_locale(cyrus_t)
Chris PeBenito 31b7c0
read_sysctl(cyrus_t)
Chris PeBenito 31b7c0
tmp_domain(cyrus)
Chris PeBenito 31b7c0
allow cyrus_t { mail_port_t pop_port_t }:tcp_socket name_bind;
Chris PeBenito 31b7c0
allow cyrus_t proc_t:dir search;
Chris PeBenito 31b7c0
allow cyrus_t proc_t:file { getattr read };
Chris PeBenito 31b7c0
allow cyrus_t sysadm_devpts_t:chr_file { read write };
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
allow cyrus_t var_lib_t:dir search;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
allow cyrus_t etc_runtime_t:file { read getattr };
Chris PeBenito 31b7c0
ifdef(`crond.te', `
Chris PeBenito 31b7c0
system_crond_entry(cyrus_exec_t, cyrus_t)
Chris PeBenito 31b7c0
allow system_crond_t cyrus_var_lib_t:dir rw_dir_perms;
Chris PeBenito 31b7c0
allow system_crond_t cyrus_var_lib_t:file create_file_perms;
Chris PeBenito 31b7c0
')
Chris PeBenito 31b7c0
create_dir_file(cyrus_t, mail_spool_t)
Chris PeBenito 31b7c0
allow cyrus_t var_spool_t:dir search;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
ifdef(`saslauthd.te', `
Chris PeBenito 31b7c0
allow cyrus_t saslauthd_var_run_t:dir search;
Chris PeBenito 31b7c0
allow cyrus_t saslauthd_var_run_t:sock_file { read write };
Chris PeBenito 31b7c0
allow cyrus_t saslauthd_t:unix_stream_socket { connectto };
Chris PeBenito 31b7c0
')
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
r_dir_file(cyrus_t, cert_t)
Chris PeBenito 31b7c0
allow cyrus_t { urandom_device_t random_device_t }:chr_file { read getattr };
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
ifdef(`postfix.te', `
Chris PeBenito 31b7c0
allow postfix_master_t cyrus_t:unix_stream_socket connectto;
Chris PeBenito 31b7c0
allow postfix_master_t var_lib_t:dir search;
Chris PeBenito 31b7c0
allow postfix_master_t cyrus_var_lib_t:dir search;
Chris PeBenito 31b7c0
allow postfix_master_t cyrus_var_lib_t:sock_file write;
Chris PeBenito 31b7c0
')
Chris PeBenito 31b7c0