Blame strict/domains/program/unused/perdition.te
|
Chris PeBenito |
0fbfa5 |
#DESC Perdition POP and IMAP proxy
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Author: Russell Coker <russell@coker.com.au>
|
|
Chris PeBenito |
0fbfa5 |
# X-Debian-Packages: perdition
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
#################################
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Rules for the perdition_t domain.
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
daemon_domain(perdition)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow perdition_t pop_port_t:tcp_socket name_bind;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
etc_domain(perdition)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Use the network.
|
|
Chris PeBenito |
0fbfa5 |
can_network_server(perdition_t)
|
|
Chris PeBenito |
0fbfa5 |
allow perdition_t self:unix_stream_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow perdition_t self:unix_dgram_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# allow any domain to connect to the proxy
|
|
Chris PeBenito |
0fbfa5 |
can_tcp_connect(userdomain, perdition_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Use capabilities
|
|
Chris PeBenito |
0fbfa5 |
allow perdition_t self:capability { setgid setuid net_bind_service };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow perdition_t etc_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow perdition_t etc_t:lnk_file read;
|