## Pyzor is a distributed, collaborative spam detection and filtering network. ####################################### ## ## The per role template for the pyzor module. ## ## ##

## This template allows pyzor to manage files in ## a user home directory, creating files with the ## correct type. ##

##

## This template is invoked automatically for each user, and ## generally does not need to be invoked directly ## by policy writers. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## # template(`pyzor_per_role_template',` gen_require(` type pyzord_t; ') type $1_pyzor_home_t; userdom_user_home_content($1, $1_pyzor_home_t) manage_dirs_pattern(pyzord_t, $1_pyzor_home_t, $1_pyzor_home_t) manage_files_pattern(pyzord_t, $1_pyzor_home_t, $1_pyzor_home_t) manage_lnk_files_pattern(pyzord_t, $1_pyzor_home_t, $1_pyzor_home_t) userdom_user_home_dir_filetrans($1, pyzord_t, $1_pyzor_home_t, { dir file lnk_file }) ') ######################################## ## ## Send generic signals to pyzor ## ## ## ## Domain allowed access. ## ## # interface(`pyzor_signal',` gen_require(` type pyzor_t; ') allow $1 pyzor_t:process signal; ') ######################################## ## ## Execute pyzor with a domain transition. ## ## ## ## Domain allowed access. ## ## # interface(`pyzor_domtrans',` gen_require(` type pyzor_exec_t, pyzor_t; ') files_search_usr($1) corecmd_search_bin($1) domtrans_pattern($1,pyzor_exec_t,pyzor_t) ') ######################################## ## ## Execute pyzor in the caller domain. ## ## ## ## Domain allowed access. ## ## # interface(`pyzor_exec',` gen_require(` type pyzor_exec_t; ') files_search_usr($1) corecmd_search_bin($1) can_exec($1,pyzor_exec_t) ')