Chris PeBenito 0fbfa5
#DESC saslauthd - Authentication daemon for SASL
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# Author: Colin Walters <walters@verbum.org>
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
Chris PeBenito 2705f9
daemon_domain(saslauthd, `, auth_chkpwd, auth_bool')
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
allow saslauthd_t self:fifo_file { read write };
Chris PeBenito 0fbfa5
allow saslauthd_t self:unix_dgram_socket create_socket_perms;
Chris PeBenito 0fbfa5
allow saslauthd_t self:unix_stream_socket create_stream_socket_perms;
Chris PeBenito 0fbfa5
allow saslauthd_t saslauthd_var_run_t:sock_file create_file_perms;
Chris PeBenito a08248
allow saslauthd_t var_lib_t:dir search;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
allow saslauthd_t etc_t:dir { getattr search };
Chris PeBenito 0fbfa5
allow saslauthd_t etc_t:file r_file_perms;
Chris PeBenito 0fbfa5
allow saslauthd_t net_conf_t:file r_file_perms;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
allow saslauthd_t self:file r_file_perms;
Chris PeBenito 2705f9
allow saslauthd_t proc_t:file { getattr read };
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
allow saslauthd_t urandom_device_t:chr_file { getattr read }; 
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
# Needs investigation
Chris PeBenito 0fbfa5
dontaudit saslauthd_t home_root_t:dir getattr;
Chris PeBenito 2705f9
can_network_client_tcp(saslauthd_t)
Chris PeBenito 2705f9
allow saslauthd_t pop_port_t:tcp_socket name_connect;
Chris PeBenito 2705f9
Chris PeBenito 2705f9
bool allow_saslauthd_read_shadow false;
Chris PeBenito 2705f9
Chris PeBenito 2705f9
if (allow_saslauthd_read_shadow) {
Chris PeBenito 2705f9
allow saslauthd_t shadow_t:file r_file_perms;
Chris PeBenito 2705f9
}
Chris PeBenito a08248
dontaudit saslauthd_t selinux_config_t:dir search;
Chris PeBenito a08248
dontaudit saslauthd_t selinux_config_t:file { getattr read };
Chris PeBenito a08248
Chris PeBenito a08248
Chris PeBenito a08248
dontaudit saslauthd_t initrc_t:unix_stream_socket connectto;
Chris PeBenito a08248
ifdef(`mysqld.te', `
Chris PeBenito a08248
allow saslauthd_t mysqld_db_t:dir search;
Chris PeBenito a08248
allow saslauthd_t mysqld_var_run_t:sock_file rw_file_perms;
Chris PeBenito a08248
')