#DESC cyrus-imapd

#

# Authors:  Dan Walsh <dwalsh@redhat.com>

#

# cyrusd_exec_t is the type of the cyrusd executable.

# cyrusd_key_t is the type of the cyrus private key files

daemon_domain(cyrus)

general_domain_access(cyrus_t)

file_type_auto_trans(cyrus_t, var_run_t, cyrus_var_run_t, sock_file)

type cyrus_var_lib_t, file_type, sysadmfile;

allow cyrus_t self:capability { dac_override net_bind_service setgid setuid sys_resource };

allow cyrus_t self:process setrlimit;

allow initrc_su_t cyrus_var_lib_t:dir search;

can_network(cyrus_t)

can_ypbind(cyrus_t)

can_exec(cyrus_t, bin_t)

allow cyrus_t cyrus_var_lib_t:dir create_dir_perms;

allow cyrus_t cyrus_var_lib_t:{file sock_file } create_file_perms;

allow cyrus_t etc_t:file { getattr read };

allow cyrus_t lib_t:file { execute execute_no_trans getattr read };

read_locale(cyrus_t)

read_sysctl(cyrus_t)

tmp_domain(cyrus)

ifdef(`use_pop', `

allow cyrus_t pop_port_t:tcp_socket name_bind;

')

allow cyrus_t proc_t:dir search;

allow cyrus_t proc_t:file { getattr read };

allow cyrus_t sysadm_devpts_t:chr_file { read write };

allow cyrus_t staff_t:fd use;

allow cyrus_t var_lib_t:dir search;

allow cyrus_t etc_runtime_t:file { read getattr };

ifdef(`crond.te', `

system_crond_entry(cyrus_exec_t, cyrus_t)

allow system_crond_t cyrus_var_lib_t:dir rw_dir_perms;

allow system_crond_t cyrus_var_lib_t:file create_file_perms;

allow system_crond_su_t cyrus_var_lib_t:dir search;

')

allow cyrus_t mail_port_t:tcp_socket name_bind;