#DESC Dovecot POP and IMAP servers
#
# Author: Russell Coker
# X-Debian-Packages: dovecot-imapd, dovecot-pop3d
#
# Two domains are defined here: dovecot_t for the server proper and
# dovecot_auth_t, a separate sub-domain for the authentication helper.
# Keeping password checking in its own domain is the privilege-separation
# point of this policy: only dovecot_auth_t gets auth_chkpwd below, and
# dovecot_t talks to it over a unix stream socket rather than doing the
# checks itself.

# Main server domain. The rules below use dovecot_t, dovecot_exec_t and
# dovecot_var_run_t without declaring them, so they are presumably created
# by this macro; `privhome' is passed through as a macro option (its effect
# is not visible on this page -- check the daemon_domain definition).
daemon_domain(dovecot, `, privhome')

allow dovecot_t dovecot_var_run_t:sock_file create_file_perms;
can_exec(dovecot_t, dovecot_exec_t)

# Label for the server's TLS certificate/key files; read-only access is
# granted further down (cert_t:dir search, dovecot_cert_t:file read).
type dovecot_cert_t, file_type, sysadmfile;

# NOTE(review): dac_override/dac_read_search let the daemon bypass ordinary
# file permission bits on anything its type-enforcement rules already allow,
# and sys_chroot is a broad capability as well. net_bind_service is what
# the pop_port_t name_bind rule below relies on; setuid/setgid/chown are
# presumably for switching to the mail user -- confirm against the
# dovecot configuration before narrowing this set.
allow dovecot_t self:capability { dac_override dac_read_search chown net_bind_service setgid setuid sys_chroot };
allow dovecot_t self:process setrlimit;

# Network access: TCP plus NIS lookups (can_ypbind).
can_network_tcp(dovecot_t)
can_ypbind(dovecot_t)

# Local IPC between the server processes themselves.
allow dovecot_t self:unix_dgram_socket create_socket_perms;
allow dovecot_t self:unix_stream_socket create_stream_socket_perms;
can_unix_connect(dovecot_t, self)

allow dovecot_t etc_t:file { getattr read };
allow dovecot_t initrc_var_run_t:file getattr;

# NOTE(review): this allows executing any program labelled bin_t, not just
# the dovecot binaries covered by dovecot_exec_t above. If the reason is a
# specific helper, a dedicated type would be tighter.
allow dovecot_t bin_t:dir { getattr search };
can_exec(dovecot_t, bin_t)

# Listen on the POP port label (binding a low port also needs the
# net_bind_service capability granted above).
allow dovecot_t pop_port_t:tcp_socket name_bind;

# Entropy source, presumably for TLS session setup.
allow dovecot_t urandom_device_t:chr_file read;

# Read-only access to the certificate directory and the cert files; no
# write or create permission on dovecot_cert_t is granted anywhere here.
allow dovecot_t cert_t:dir search;
allow dovecot_t dovecot_cert_t:file { getattr read };

# Read its own /proc entries and proc_t files.
allow dovecot_t { self proc_t }:file { getattr read };
allow dovecot_t self:fifo_file rw_file_perms;

can_kerberos(dovecot_t)

allow dovecot_t tmp_t:dir search;

# Mailbox access: read/write on the spool directory and its files, plus
# following symlinks inside it. var_spool_t itself is search-only.
rw_dir_file(dovecot_t, mail_spool_t)
allow dovecot_t mail_spool_t:lnk_file read;
allow dovecot_t var_spool_t:dir { search };

# Authentication helper domain, derived from dovecot_t. auth_chkpwd is
# presumably the macro option that grants password-database access; it is
# given to this sub-domain only, never to dovecot_t.
daemon_sub_domain(dovecot_t, dovecot_auth, `, auth_chkpwd')

allow dovecot_auth_t self:process { fork signal_perms };

# The auth helper accepts and services connections on a stream socket
# owned by the main dovecot_t domain; this is the only cross-domain
# channel between the two visible on this page.
allow dovecot_auth_t dovecot_t:unix_stream_socket { getattr accept read write ioctl };
allow dovecot_auth_t self:unix_dgram_socket create_socket_perms;
allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms;
allow dovecot_auth_t self:fifo_file rw_file_perms;

allow dovecot_auth_t urandom_device_t:chr_file { getattr read };
allow dovecot_auth_t etc_t:file { getattr read };
allow dovecot_auth_t { self proc_t }:file { getattr read };

# Locale data and sysctl reads (read-only; no sysctl write rule here).
read_locale(dovecot_auth_t)
read_sysctl(dovecot_auth_t)
allow dovecot_auth_t sysctl_t:dir search;

# dontaudit grants nothing: the helper is still denied search on the
# SELinux config directory, the denial is just not logged. Keep this in
# mind when an AVC audit trail looks quieter than expected for this domain.
dontaudit dovecot_auth_t selinux_config_t:dir search;