#DESC postgrey - Postfix Grey-listing server
#
# Author:  Russell Coker <russell@coker.com.au>
# X-Debian-Packages: postgrey

daemon_domain(postgrey)

allow postgrey_t urandom_device_t:chr_file { getattr read };

# for perl
allow postgrey_t { bin_t sbin_t }:dir { getattr search };
allow postgrey_t usr_t:{ file lnk_file } { getattr read };
dontaudit postgrey_t usr_t:file ioctl;

allow postgrey_t { etc_t etc_runtime_t }:file { getattr read };
etcdir_domain(postgrey)

can_network_server_tcp(postgrey_t)
can_ypbind(postgrey_t)
allow postgrey_t postgrey_port_t:tcp_socket name_bind;
allow postgrey_t self:unix_dgram_socket create_socket_perms;
allow postgrey_t self:unix_stream_socket create_stream_socket_perms;
allow postgrey_t proc_t:file { getattr read };

allow postgrey_t self:capability { chown setgid setuid };
dontaudit postgrey_t self:capability sys_tty_config;

var_lib_domain(postgrey)

allow postgrey_t tmp_t:dir getattr;