#DESC Publicfile - HTTP and FTP file services
# http://cr.yp.to/publicfile.html
#
# Author: petre rodan <kaiowas@gentoo.org>
#
# this policy depends on ucspi-tcp
#

daemon_domain(publicfile)
type publicfile_content_t, file_type, sysadmfile;
domain_auto_trans(initrc_t, publicfile_exec_t, publicfile_t)

ifdef(`ucspi-tcp.te', `
domain_auto_trans(utcpserver_t, publicfile_exec_t, publicfile_t)
allow publicfile_t utcpserver_t:tcp_socket { read write };
allow utcpserver_t { ftp_data_port_t ftp_port_t http_port_t }:tcp_socket name_bind;
')

allow publicfile_t initrc_t:tcp_socket { read write };

allow publicfile_t self:capability { dac_override setgid setuid sys_chroot };

r_dir_file(publicfile_t, publicfile_content_t)