selinux-policy/refpolicy/policy/modules/services/pyzor.if

## <summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>

########################################
## <summary>
##	Execute pyzor with a domain transition.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pyzor_domtrans',`
	gen_require(`
		type pyzor_exec_t, pyzor_t;
	')

	files_search_usr($1)
	corecmd_search_bin($1)
	domain_auto_trans($1,pyzor_exec_t,pyzor_t)

	allow $1 pyzor_t:fd use;
	allow pyzor_t $1:fd use;
	allow pyzor_t $1:fifo_file rw_file_perms;
	allow pyzor_t $1:process sigchld;
')

########################################
## <summary>
##	Execute pyzor in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pyzor_exec',`
	gen_require(`
		type pyzor_exec_t;
	')

	files_search_usr($1)
	corecmd_search_bin($1)
	can_exec($1,pyzor_exec_t)
')
patch from dan Tue, 02 May 2006 10:08:17 -0400, includes pyzor, bug 1541 2006-05-03 19:58:01 +00:00			`## <summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>`

			`########################################`
			`## <summary>`
			`## Execute pyzor with a domain transition.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`pyzor_domtrans',`
			gen_require(`
			`type pyzor_exec_t, pyzor_t;`
			`')`

			`files_search_usr($1)`
			`corecmd_search_bin($1)`
			`domain_auto_trans($1,pyzor_exec_t,pyzor_t)`

			`allow $1 pyzor_t:fd use;`
			`allow pyzor_t $1:fd use;`
			`allow pyzor_t $1:fifo_file rw_file_perms;`
			`allow pyzor_t $1:process sigchld;`
			`')`

			`########################################`
			`## <summary>`
			`## Execute pyzor in the caller domain.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`pyzor_exec',`
			gen_require(`
			`type pyzor_exec_t;`
			`')`

			`files_search_usr($1)`
			`corecmd_search_bin($1)`
			`can_exec($1,pyzor_exec_t)`
			`')`