Blame mls/domains/program/unused/jabberd.te
|
Chris PeBenito |
31b7c0 |
#DESC jabberd - Jabber daemon
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Author: Colin Walters <walters@verbum.org>
|
|
Chris PeBenito |
31b7c0 |
# X-Debian-Packages: jabber
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
daemon_domain(jabberd)
|
|
Chris PeBenito |
31b7c0 |
logdir_domain(jabberd)
|
|
Chris PeBenito |
31b7c0 |
var_lib_domain(jabberd)
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
allow jabberd_t jabber_client_port_t:tcp_socket name_bind;
|
|
Chris PeBenito |
31b7c0 |
allow jabberd_t jabber_interserver_port_t:tcp_socket name_bind;
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
allow jabberd_t etc_t:lnk_file read;
|
|
Chris PeBenito |
31b7c0 |
allow jabberd_t { etc_t etc_runtime_t }:file { read getattr };
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
# For SSL
|
|
Chris PeBenito |
31b7c0 |
allow jabberd_t random_device_t:file r_file_perms;
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
can_network_server(jabberd_t)
|
|
Chris PeBenito |
31b7c0 |
can_ypbind(jabberd_t)
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
allow jabberd_t self:unix_dgram_socket create_socket_perms;
|
|
Chris PeBenito |
31b7c0 |
allow jabberd_t self:unix_stream_socket create_socket_perms;
|
|
Chris PeBenito |
31b7c0 |
allow jabberd_t self:fifo_file { read write getattr };
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
allow jabberd_t self:capability dac_override;
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
# allow any user domain to connect to jabber
|
|
Chris PeBenito |
31b7c0 |
can_tcp_connect(userdomain, jabberd_t)
|