Blame strict/domains/program/fetchmail.te
#DESC fetchmail - remote-mail retrieval utility
#
# Author: Greg Norris <haphazard@kc.rr.com>
# X-Debian-Packages: fetchmail
# Depends: mta.te
#
# Note: This policy is only required when running fetchmail in daemon mode.
#################################
#
# Rules for the fetchmail_t domain.
#
# Set up fetchmail as a confined daemon. daemon_domain is a macro defined
# outside this file; presumably it declares fetchmail_t (the source type of
# every rule below) together with its entrypoint and init transition.
# Verify against the macro definition before relying on that.
daemon_domain(fetchmail);
# Dedicated type, presumably for the fetchmail configuration file, tagged
# with the file_type and sysadmfile attributes. The only access granted to
# fetchmail_t on it in this file is read (see the file access section).
# NOTE(review): a fetchmail configuration normally stores mail account
# credentials, so check which other domains gain access to this type
# through those two attributes.
type fetchmail_etc_t, file_type, sysadmfile;
# Dedicated type for the UIDL cache, with the same two attributes as
# fetchmail_etc_t. It is the target type named in the file_type_auto_trans
# rule at the end of this file.
type fetchmail_uidl_cache_t, file_type, sysadmfile;
# misc. requirements
# Lets a fetchmail_t process change resource limits. The target is self,
# so the rule grants nothing over processes in other domains.
allow fetchmail_t self:process setrlimit;
# network-related goodies
# TCP client networking for fetchmail_t, with the port argument listing
# only the DNS, POP and SMTP port types. can_network_client_tcp is a macro
# defined elsewhere; confirm which permissions in its expansion the port
# list actually constrains.
can_network_client_tcp(fetchmail_t, { dns_port_t pop_port_t smtp_port_t })
# UDP networking for fetchmail_t with dns_port_t as the port argument,
# presumably for resolver lookups (macro defined elsewhere; confirm).
can_network_udp(fetchmail_t, dns_port_t)
# NOTE(review): port_type is normally the attribute carried by every port
# type, so this rule permits outbound TCP connect to any labeled port. That
# is wider than the dns/pop/smtp list passed to can_network_client_tcp
# above and largely cancels the port scoping for connect. If the daemon
# only polls standard mail ports, naming the specific port types here
# would keep the confinement meaningful; confirm against real fetchmail
# configurations first, since sites may poll non-default ports.
allow fetchmail_t port_type:tcp_socket name_connect;
# Unix datagram sockets owned by the domain itself. create_socket_perms is
# a permission-set macro defined elsewhere. The target is self, so no
# access to sockets labeled with another domain is granted here.
allow fetchmail_t self:unix_dgram_socket create_socket_perms;
# Unix stream sockets owned by the domain itself, using the
# create_stream_socket_perms permission set (macro defined elsewhere).
# As with the datagram rule, the target is self only.
allow fetchmail_t self:unix_stream_socket create_stream_socket_perms;
# file access
# Read access to files labeled with the generic etc_t type. r_file_perms
# is a permission-set macro defined elsewhere; by its name it is the
# read-only set, and this rule adds no write access to etc_t.
allow fetchmail_t etc_t:file r_file_perms;
# Read access to the dedicated fetchmail_etc_t files, using the same
# r_file_perms set as the etc_t rule. This rule does not let the daemon
# modify files of this type.
allow fetchmail_t fetchmail_etc_t:file r_file_perms;
# Directory traversal only: search on mail_spool_t directories lets the
# daemon reach a path inside the spool. This rule grants no listing of the
# directory and no access to mail_spool_t files.
allow fetchmail_t mail_spool_t:dir search;
# Automatic labeling for the UIDL cache. file_type_auto_trans is a macro
# defined elsewhere; as used here it should make plain files created by
# fetchmail_t in a mail_spool_t directory take the fetchmail_uidl_cache_t
# type and grant the access needed to create and manage them. Confirm the
# exact directory and file permissions in the macro expansion, since they
# add to the search-only rule on mail_spool_t directories.
file_type_auto_trans(fetchmail_t, mail_spool_t, fetchmail_uidl_cache_t, file)