Blame strict/domains/program/unused/postgrey.te
|
Chris PeBenito |
0fbfa5 |
#DESC postgrey - Postfix Grey-listing server
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Author: Russell Coker <russell@coker.com.au>
|
|
Chris PeBenito |
0fbfa5 |
# X-Debian-Packages: postgrey
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
daemon_domain(postgrey)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow postgrey_t urandom_device_t:chr_file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# for perl
|
|
Chris PeBenito |
2705f9 |
allow postgrey_t { bin_t sbin_t }:dir { getattr search };
|
|
Chris PeBenito |
0fbfa5 |
allow postgrey_t usr_t:{ file lnk_file } { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
dontaudit postgrey_t usr_t:file ioctl;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow postgrey_t { etc_t etc_runtime_t }:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
etcdir_domain(postgrey)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
can_network_server_tcp(postgrey_t)
|
|
Chris PeBenito |
0fbfa5 |
can_ypbind(postgrey_t)
|
|
Chris PeBenito |
0fbfa5 |
allow postgrey_t postgrey_port_t:tcp_socket name_bind;
|
|
Chris PeBenito |
0fbfa5 |
allow postgrey_t self:unix_dgram_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow postgrey_t self:unix_stream_socket create_stream_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow postgrey_t proc_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow postgrey_t self:capability { chown setgid setuid };
|
|
Chris PeBenito |
0fbfa5 |
dontaudit postgrey_t self:capability sys_tty_config;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
var_lib_domain(postgrey)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow postgrey_t tmp_t:dir getattr;
|