Pyzor is a distributed, collaborative spam detection and filtering network.

####################################### ##

## The per role template for the pyzor module. ##

## ##

## This template allows pyzor to manage files in ## a user home directory, creating files with the ## correct type. ##

## This template is invoked automatically for each user, and ## generally does not need to be invoked directly ## by policy writers. ##

## ## ##

## The prefix of the user domain (e.g., user ## is the prefix for user_t). ##

## # template(`pyzor_per_role_template',` gen_require(` type pyzord_t; ') type $1_pyzor_home_t; userdom_user_home_content($1, $1_pyzor_home_t) manage_dirs_pattern(pyzord_t, $1_pyzor_home_t, $1_pyzor_home_t) manage_files_pattern(pyzord_t, $1_pyzor_home_t, $1_pyzor_home_t) manage_lnk_files_pattern(pyzord_t, $1_pyzor_home_t, $1_pyzor_home_t) userdom_user_home_dir_filetrans($1, pyzord_t, $1_pyzor_home_t, { dir file lnk_file }) ') ######################################## ##

## Send generic signals to pyzor ##

## ##

## Domain allowed access. ##

## # interface(`pyzor_signal',` gen_require(` type pyzor_t; ') allow $1 pyzor_t:process signal; ') ######################################## ##

## Execute pyzor with a domain transition. ##

## ##

## Domain allowed access. ##

## # interface(`pyzor_domtrans',` gen_require(` type pyzor_exec_t, pyzor_t; ') files_search_usr($1) corecmd_search_bin($1) domtrans_pattern($1,pyzor_exec_t,pyzor_t) ') ######################################## ##

## Execute pyzor in the caller domain. ##

## ##

## Domain allowed access. ##

## # interface(`pyzor_exec',` gen_require(` type pyzor_exec_t; ') files_search_usr($1) corecmd_search_bin($1) can_exec($1,pyzor_exec_t) ')