|
Chris PeBenito |
31b7c0 |
#DESC cyrus-imapd
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Authors: Dan Walsh <dwalsh@redhat.com>
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
# cyrusd_exec_t is the type of the cyrusd executable.
|
|
Chris PeBenito |
31b7c0 |
# cyrusd_key_t is the type of the cyrus private key files
|
|
Chris PeBenito |
31b7c0 |
daemon_domain(cyrus)
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
general_domain_access(cyrus_t)
|
|
Chris PeBenito |
31b7c0 |
file_type_auto_trans(cyrus_t, var_run_t, cyrus_var_run_t, sock_file)
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
type cyrus_var_lib_t, file_type, sysadmfile;
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t self:capability { dac_override net_bind_service setgid setuid sys_resource };
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t self:process setrlimit;
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
can_network(cyrus_t)
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t port_type:tcp_socket name_connect;
|
|
Chris PeBenito |
31b7c0 |
can_ypbind(cyrus_t)
|
|
Chris PeBenito |
31b7c0 |
can_exec(cyrus_t, bin_t)
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t cyrus_var_lib_t:dir create_dir_perms;
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t cyrus_var_lib_t:{file sock_file lnk_file} create_file_perms;
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t etc_t:file { getattr read };
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t lib_t:file { execute execute_no_trans getattr read };
|
|
Chris PeBenito |
31b7c0 |
read_locale(cyrus_t)
|
|
Chris PeBenito |
31b7c0 |
read_sysctl(cyrus_t)
|
|
Chris PeBenito |
31b7c0 |
tmp_domain(cyrus)
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t { mail_port_t pop_port_t }:tcp_socket name_bind;
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t proc_t:dir search;
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t proc_t:file { getattr read };
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t sysadm_devpts_t:chr_file { read write };
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t var_lib_t:dir search;
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t etc_runtime_t:file { read getattr };
|
|
Chris PeBenito |
31b7c0 |
ifdef(`crond.te', `
|
|
Chris PeBenito |
31b7c0 |
system_crond_entry(cyrus_exec_t, cyrus_t)
|
|
Chris PeBenito |
31b7c0 |
allow system_crond_t cyrus_var_lib_t:dir rw_dir_perms;
|
|
Chris PeBenito |
31b7c0 |
allow system_crond_t cyrus_var_lib_t:file create_file_perms;
|
|
Chris PeBenito |
31b7c0 |
')
|
|
Chris PeBenito |
31b7c0 |
create_dir_file(cyrus_t, mail_spool_t)
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t var_spool_t:dir search;
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
ifdef(`saslauthd.te', `
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t saslauthd_var_run_t:dir search;
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t saslauthd_var_run_t:sock_file { read write };
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t saslauthd_t:unix_stream_socket { connectto };
|
|
Chris PeBenito |
31b7c0 |
')
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
r_dir_file(cyrus_t, cert_t)
|
|
Chris PeBenito |
31b7c0 |
allow cyrus_t { urandom_device_t random_device_t }:chr_file { read getattr };
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
ifdef(`postfix.te', `
|
|
Chris PeBenito |
31b7c0 |
allow postfix_master_t cyrus_t:unix_stream_socket connectto;
|
|
Chris PeBenito |
31b7c0 |
allow postfix_master_t var_lib_t:dir search;
|
|
Chris PeBenito |
31b7c0 |
allow postfix_master_t cyrus_var_lib_t:dir search;
|
|
Chris PeBenito |
31b7c0 |
allow postfix_master_t cyrus_var_lib_t:sock_file write;
|
|
Chris PeBenito |
31b7c0 |
')
|
|
Chris PeBenito |
31b7c0 |
|