#DESC Perdition POP and IMAP proxy
#
# Author:  Russell Coker <russell@coker.com.au>
# X-Debian-Packages: perdition
#

#################################
#
# Rules for the perdition_t domain.
#
daemon_domain(perdition)

allow perdition_t pop_port_t:tcp_socket name_bind;

etc_domain(perdition)

# Use the network.
can_network_server(perdition_t)
allow perdition_t self:unix_stream_socket create_socket_perms;
allow perdition_t self:unix_dgram_socket create_socket_perms;

# allow any domain to connect to the proxy
can_tcp_connect(userdomain, perdition_t)

# Use capabilities
allow perdition_t self:capability { setgid setuid net_bind_service };

allow perdition_t etc_t:file { getattr read };
allow perdition_t etc_t:lnk_file read;