#DESC ucspi-tcp - TCP Server and Client Tools
#
# Author Petre Rodan <kaiowas@gentoo.org>
# Andy Dustman (rblsmtp-related policy)
#
# http://cr.yp.to/ucspi-tcp.html
# Set up the confined domain for the ucspi-tcp server. The macro is defined
# outside this file; every rule below relies on it declaring utcpserver_t.
# NOTE(review): presumably it also declares the utcpserver_exec_t entrypoint
# and the init transition - confirm in the macro definition.
daemon_base_domain(utcpserver)
# Network access for utcpserver_t through the can_network macro (defined
# elsewhere). NOTE(review): the exact socket classes and permissions it
# grants are not visible here - check them before treating the name_bind
# rules in this file as the complete list of network permissions.
can_network(utcpserver_t)
# Read access to files labelled etc_t (r_file_perms is a permission-set
# macro defined elsewhere; presumably read-only - confirm).
allow utcpserver_t etc_t:file r_file_perms;
# Path traversal only: search on bin_t, sbin_t and var_t directories.
# No directory listing or file access is granted by this rule.
allow utcpserver_t { bin_t sbin_t var_t }:dir search;
# Capabilities: net_bind_service allows binding ports below 1024; setgid and
# setuid allow switching group and user IDs (presumably for a privilege drop
# after binding - confirm against how the server is started).
# NOTE(review): setuid/setgid permit assuming any UID/GID, so confinement
# after the switch rests on the type-enforcement rules of this domain, not
# on file ownership.
allow utcpserver_t self:capability { net_bind_service setgid setuid };
# Read and write pipes created within the utcpserver_t domain itself.
allow utcpserver_t self:fifo_file { read write };
# Fork children and exchange SIGCHLD within the domain (presumably one child
# per accepted connection - confirm).
allow utcpserver_t self:process { fork sigchld };
# Bind UDP sockets to ports carrying the generic port_t label.
# NOTE(review): this is a UDP grant on a TCP server domain - presumably for
# resolver source ports; confirm it is needed. No tcp_socket name_bind on
# port_t appears in this file, so TCP listening is only granted for
# smtp_port_t inside the qmail conditional below, unless a macro adds more.
allow utcpserver_t port_t:udp_socket name_bind;
ifdef(`qmail.te', `
# Part of the block compiled only when qmail.te is defined.
# Executing a file labelled qmail_smtpd_exec_t from utcpserver_t moves the
# new process into qmail_smtpd_t (macro defined elsewhere - confirm which
# fd and signal permissions it adds alongside the transition).
domain_auto_trans(utcpserver_t, qmail_smtpd_exec_t, qmail_smtpd_t)
# Listen for SMTP: bind TCP sockets to ports labelled smtp_port_t. This is
# the only tcp_socket name_bind rule in this file.
allow utcpserver_t smtp_port_t:tcp_socket name_bind;
# qmail_smtpd_t may read, write and stat TCP sockets owned by utcpserver_t,
# i.e. the connection handed over by the server. No bind, listen or accept
# is granted on those sockets.
allow qmail_smtpd_t utcpserver_t:tcp_socket { read write getattr };
# Read access to directories labelled qmail_etc_t.
# NOTE(review): which qmail files the server needs from there is not
# visible in this file - confirm the grant is not wider than required.
allow utcpserver_t qmail_etc_t:dir r_dir_perms;
# Read access to files labelled qmail_etc_t (pairs with the directory rule
# for the same type).
allow utcpserver_t qmail_etc_t:file r_file_perms;
')
# Set up a separate confined domain for rblsmtpd. The macro is defined
# outside this file; the rules below rely on it declaring rblsmtpd_t, and
# the transition at the end of the file uses rblsmtpd_exec_t.
daemon_base_domain(rblsmtpd)
# Network access for rblsmtpd_t through the can_network macro (defined
# elsewhere; the exact permissions it grants are not visible here).
can_network(rblsmtpd_t)
# Fork children and exchange SIGCHLD within the rblsmtpd_t domain.
allow rblsmtpd_t self:process { fork sigchld };
# Read access to files labelled etc_t (r_file_perms is a permission-set
# macro defined elsewhere; presumably read-only - confirm).
allow rblsmtpd_t etc_t:file r_file_perms;
# Path traversal only: search on bin_t and var_t directories. Unlike
# utcpserver_t, sbin_t is not included for this domain.
allow rblsmtpd_t { bin_t var_t }:dir search;
# Bind UDP sockets to ports carrying the generic port_t label (presumably
# source ports for the DNS lookups against block lists - confirm).
allow rblsmtpd_t port_t:udp_socket name_bind;
# rblsmtpd_t may read, write and stat TCP sockets owned by utcpserver_t,
# i.e. the client connection inherited from the server. No bind, listen or
# accept is granted on those sockets.
allow rblsmtpd_t utcpserver_t:tcp_socket { read write getattr };
ifdef(`qmail.te', `
# Part of the block compiled only when qmail.te is defined.
# Executing a file labelled qmail_smtpd_exec_t from rblsmtpd_t moves the
# new process into qmail_smtpd_t, so the SMTP daemon runs in its own domain
# rather than inheriting rblsmtpd_t.
domain_auto_trans(rblsmtpd_t, qmail_smtpd_exec_t, qmail_smtpd_t)
# qmail_queue_t may use file descriptors opened by rblsmtpd_t (descriptors
# inherited down the exec chain). NOTE(review): this rule grants access to
# a domain owned by another policy file - keep it in step with qmail.te.
allow qmail_queue_t rblsmtpd_t:fd use;
')
ifdef(`daemontools.te', `
# Part of the block compiled only when daemontools.te is defined.
# svc_ipc_domain is defined elsewhere; presumably it allows IPC with the
# daemontools supervisor - confirm what it grants. Within this file it is
# applied to rblsmtpd_t only, not to utcpserver_t.
svc_ipc_domain(rblsmtpd_t)
')
# Executing a file labelled rblsmtpd_exec_t from utcpserver_t moves the new
# process into rblsmtpd_t. This rule is unconditional, unlike the qmail
# transitions above.
domain_auto_trans(utcpserver_t, rblsmtpd_exec_t, rblsmtpd_t)