#DESC fetchmail - remote-mail retrieval utility
#
# Author: Greg Norris <haphazard@kc.rr.com>
# X-Debian-Packages: fetchmail
# Depends: mta.te
#
# Note: This policy is only required when running fetchmail in daemon mode.

#################################
#
# Rules for the fetchmail_t domain.
#
daemon_domain(fetchmail);
type fetchmail_etc_t, file_type, sysadmfile;
type fetchmail_uidl_cache_t, file_type, sysadmfile;

# misc. requirements
allow fetchmail_t self:process setrlimit;

# network-related goodies
can_network_client_tcp(fetchmail_t, { dns_port_t pop_port_t smtp_port_t })
can_network_udp(fetchmail_t, dns_port_t)
allow fetchmail_t port_type:tcp_socket name_connect;

allow fetchmail_t self:unix_dgram_socket create_socket_perms;
allow fetchmail_t self:unix_stream_socket create_stream_socket_perms;

# file access
allow fetchmail_t etc_t:file r_file_perms;
allow fetchmail_t fetchmail_etc_t:file r_file_perms;
allow fetchmail_t mail_spool_t:dir search;
file_type_auto_trans(fetchmail_t, mail_spool_t, fetchmail_uidl_cache_t, file)