1e2abee10b
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
548 lines
17 KiB
Plaintext
548 lines
17 KiB
Plaintext
policy_module(spamassassin, 2.3.1)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Allow user spamassassin clients to use the network.
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(spamassassin_can_network, false)
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Allow spamd to read/write user home directories.
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(spamd_enable_home_dirs, true)
|
|
|
|
ifdef(`distro_redhat',`
|
|
# spamassassin client executable
|
|
type spamc_t;
|
|
type spamc_exec_t;
|
|
application_domain(spamc_t, spamc_exec_t)
|
|
role system_r types spamc_t;
|
|
|
|
type spamd_etc_t;
|
|
files_config_file(spamd_etc_t)
|
|
|
|
typealias spamc_exec_t alias spamassassin_exec_t;
|
|
typealias spamc_t alias spamassassin_t;
|
|
|
|
type spamc_home_t;
|
|
userdom_user_home_content(spamc_home_t)
|
|
typealias spamc_home_t alias { spamassassin_home_t user_spamassassin_home_t staff_spamassassin_home_t sysadm_spamassassin_home_t };
|
|
typealias spamc_home_t alias { auditadm_spamassassin_home_t secadm_spamassassin_home_t };
|
|
typealias spamc_home_t alias { user_spamc_home_t staff_spamc_home_t sysadm_spamc_home_t };
|
|
typealias spamc_home_t alias { auditadm_spamc_home_t secadm_spamc_home_t };
|
|
|
|
type spamc_tmp_t;
|
|
files_tmp_file(spamc_tmp_t)
|
|
typealias spamc_tmp_t alias spamassassin_tmp_t;
|
|
typealias spamc_tmp_t alias { user_spamassassin_tmp_t staff_spamassassin_tmp_t sysadm_spamassassin_tmp_t };
|
|
typealias spamc_tmp_t alias { auditadm_spamassassin_tmp_t secadm_spamassassin_tmp_t };
|
|
|
|
typealias spamc_tmp_t alias { user_spamc_tmp_t staff_spamc_tmp_t sysadm_spamc_tmp_t };
|
|
typealias spamc_tmp_t alias { auditadm_spamc_tmp_t secadm_spamc_tmp_t };
|
|
',`
|
|
type spamassassin_t;
|
|
type spamassassin_exec_t;
|
|
typealias spamassassin_t alias { user_spamassassin_t staff_spamassassin_t sysadm_spamassassin_t };
|
|
typealias spamassassin_t alias { auditadm_spamassassin_t secadm_spamassassin_t };
|
|
application_domain(spamassassin_t, spamassassin_exec_t)
|
|
ubac_constrained(spamassassin_t)
|
|
|
|
type spamassassin_home_t;
|
|
typealias spamassassin_home_t alias { user_spamassassin_home_t staff_spamassassin_home_t sysadm_spamassassin_home_t };
|
|
typealias spamassassin_home_t alias { auditadm_spamassassin_home_t secadm_spamassassin_home_t };
|
|
userdom_user_home_content(spamassassin_home_t)
|
|
files_poly_member(spamassassin_home_t)
|
|
|
|
type spamassassin_tmp_t;
|
|
typealias spamassassin_tmp_t alias { user_spamassassin_tmp_t staff_spamassassin_tmp_t sysadm_spamassassin_tmp_t };
|
|
typealias spamassassin_tmp_t alias { auditadm_spamassassin_tmp_t secadm_spamassassin_tmp_t };
|
|
files_tmp_file(spamassassin_tmp_t)
|
|
ubac_constrained(spamassassin_tmp_t)
|
|
|
|
type spamc_t;
|
|
type spamc_exec_t;
|
|
typealias spamc_t alias { user_spamc_t staff_spamc_t sysadm_spamc_t };
|
|
typealias spamc_t alias { auditadm_spamc_t secadm_spamc_t };
|
|
application_domain(spamc_t, spamc_exec_t)
|
|
ubac_constrained(spamc_t)
|
|
|
|
type spamc_tmp_t;
|
|
typealias spamc_tmp_t alias { user_spamc_tmp_t staff_spamc_tmp_t sysadm_spamc_tmp_t };
|
|
typealias spamc_tmp_t alias { auditadm_spamc_tmp_t secadm_spamc_tmp_t };
|
|
files_tmp_file(spamc_tmp_t)
|
|
ubac_constrained(spamc_tmp_t)
|
|
')
|
|
|
|
type spamd_t;
|
|
type spamd_exec_t;
|
|
init_daemon_domain(spamd_t, spamd_exec_t)
|
|
|
|
type spamd_compiled_t;
|
|
files_type(spamd_compiled_t)
|
|
|
|
type spamd_initrc_exec_t;
|
|
init_script_file(spamd_initrc_exec_t)
|
|
|
|
type spamd_log_t;
|
|
logging_log_file(spamd_log_t)
|
|
|
|
type spamd_spool_t;
|
|
files_type(spamd_spool_t)
|
|
|
|
type spamd_tmp_t;
|
|
files_tmp_file(spamd_tmp_t)
|
|
|
|
# var/lib files
|
|
type spamd_var_lib_t;
|
|
files_type(spamd_var_lib_t)
|
|
|
|
type spamd_var_run_t;
|
|
files_pid_file(spamd_var_run_t)
|
|
|
|
##############################
|
|
#
|
|
# Standalone program local policy
|
|
#
|
|
|
|
allow spamassassin_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
|
allow spamassassin_t self:fd use;
|
|
allow spamassassin_t self:fifo_file rw_fifo_file_perms;
|
|
allow spamassassin_t self:sock_file read_sock_file_perms;
|
|
allow spamassassin_t self:unix_dgram_socket create_socket_perms;
|
|
allow spamassassin_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow spamassassin_t self:unix_dgram_socket sendto;
|
|
allow spamassassin_t self:unix_stream_socket connectto;
|
|
allow spamassassin_t self:shm create_shm_perms;
|
|
allow spamassassin_t self:sem create_sem_perms;
|
|
allow spamassassin_t self:msgq create_msgq_perms;
|
|
allow spamassassin_t self:msg { send receive };
|
|
|
|
manage_dirs_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
|
|
manage_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
|
|
manage_lnk_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
|
|
manage_fifo_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
|
|
manage_sock_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
|
|
userdom_user_home_dir_filetrans(spamassassin_t, spamassassin_home_t, { dir file lnk_file sock_file fifo_file })
|
|
|
|
manage_dirs_pattern(spamassassin_t, spamassassin_tmp_t, spamassassin_tmp_t)
|
|
manage_files_pattern(spamassassin_t, spamassassin_tmp_t, spamassassin_tmp_t)
|
|
files_tmp_filetrans(spamassassin_t, spamassassin_tmp_t, { file dir })
|
|
|
|
manage_dirs_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
|
|
manage_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
|
|
manage_lnk_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
|
|
manage_fifo_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
|
|
manage_sock_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
|
|
userdom_user_home_dir_filetrans(spamd_t, spamassassin_home_t, { dir file lnk_file sock_file fifo_file })
|
|
|
|
kernel_read_kernel_sysctls(spamassassin_t)
|
|
|
|
dev_read_urand(spamassassin_t)
|
|
|
|
fs_search_auto_mountpoints(spamassassin_t)
|
|
fs_getattr_all_fs(spamassassin_t)
|
|
|
|
# this should probably be removed
|
|
corecmd_list_bin(spamassassin_t)
|
|
corecmd_read_bin_symlinks(spamassassin_t)
|
|
corecmd_read_bin_files(spamassassin_t)
|
|
corecmd_read_bin_pipes(spamassassin_t)
|
|
corecmd_read_bin_sockets(spamassassin_t)
|
|
|
|
domain_use_interactive_fds(spamassassin_t)
|
|
|
|
files_read_etc_files(spamassassin_t)
|
|
files_read_etc_runtime_files(spamassassin_t)
|
|
files_list_home(spamassassin_t)
|
|
files_read_usr_files(spamassassin_t)
|
|
files_dontaudit_search_var(spamassassin_t)
|
|
|
|
logging_send_syslog_msg(spamassassin_t)
|
|
|
|
miscfiles_read_localization(spamassassin_t)
|
|
|
|
# cjp: this could probably be removed
|
|
seutil_read_config(spamassassin_t)
|
|
|
|
sysnet_dns_name_resolve(spamassassin_t)
|
|
|
|
# set tunable if you have spamassassin do DNS lookups
|
|
tunable_policy(`spamassassin_can_network',`
|
|
allow spamassassin_t self:tcp_socket create_stream_socket_perms;
|
|
allow spamassassin_t self:udp_socket create_socket_perms;
|
|
|
|
corenet_all_recvfrom_unlabeled(spamassassin_t)
|
|
corenet_all_recvfrom_netlabel(spamassassin_t)
|
|
corenet_tcp_sendrecv_generic_if(spamassassin_t)
|
|
corenet_udp_sendrecv_generic_if(spamassassin_t)
|
|
corenet_tcp_sendrecv_generic_node(spamassassin_t)
|
|
corenet_udp_sendrecv_generic_node(spamassassin_t)
|
|
corenet_tcp_sendrecv_all_ports(spamassassin_t)
|
|
corenet_udp_sendrecv_all_ports(spamassassin_t)
|
|
corenet_tcp_connect_all_ports(spamassassin_t)
|
|
corenet_sendrecv_all_client_packets(spamassassin_t)
|
|
corenet_udp_bind_generic_node(spamassassin_t)
|
|
corenet_udp_bind_generic_port(spamassassin_t)
|
|
corenet_dontaudit_udp_bind_all_ports(spamassassin_t)
|
|
|
|
sysnet_read_config(spamassassin_t)
|
|
')
|
|
|
|
tunable_policy(`spamd_enable_home_dirs',`
|
|
userdom_manage_user_home_content_dirs(spamd_t)
|
|
userdom_manage_user_home_content_files(spamd_t)
|
|
userdom_manage_user_home_content_symlinks(spamd_t)
|
|
')
|
|
|
|
tunable_policy(`use_nfs_home_dirs',`
|
|
fs_manage_nfs_dirs(spamassassin_t)
|
|
fs_manage_nfs_files(spamassassin_t)
|
|
fs_manage_nfs_symlinks(spamassassin_t)
|
|
')
|
|
|
|
tunable_policy(`use_samba_home_dirs',`
|
|
fs_manage_cifs_dirs(spamassassin_t)
|
|
fs_manage_cifs_files(spamassassin_t)
|
|
fs_manage_cifs_symlinks(spamassassin_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
# Write pid file and socket in ~/.evolution/cache/tmp
|
|
evolution_home_filetrans(spamd_t, spamd_tmp_t, { file sock_file })
|
|
')
|
|
|
|
optional_policy(`
|
|
tunable_policy(`spamassassin_can_network && allow_ypbind',`
|
|
nis_use_ypbind_uncond(spamassassin_t)
|
|
')
|
|
')
|
|
|
|
optional_policy(`
|
|
mta_read_config(spamassassin_t)
|
|
sendmail_stub(spamassassin_t)
|
|
sendmail_dontaudit_rw_unix_stream_sockets(spamassassin_t)
|
|
sendmail_dontaudit_rw_tcp_sockets(spamassassin_t)
|
|
')
|
|
|
|
########################################
|
|
#
|
|
# Client local policy
|
|
#
|
|
|
|
allow spamc_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
|
allow spamc_t self:fd use;
|
|
allow spamc_t self:fifo_file rw_fifo_file_perms;
|
|
allow spamc_t self:sock_file read_sock_file_perms;
|
|
allow spamc_t self:shm create_shm_perms;
|
|
allow spamc_t self:sem create_sem_perms;
|
|
allow spamc_t self:msgq create_msgq_perms;
|
|
allow spamc_t self:msg { send receive };
|
|
allow spamc_t self:unix_dgram_socket create_socket_perms;
|
|
allow spamc_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow spamc_t self:unix_dgram_socket sendto;
|
|
allow spamc_t self:unix_stream_socket connectto;
|
|
allow spamc_t self:tcp_socket create_stream_socket_perms;
|
|
allow spamc_t self:udp_socket create_socket_perms;
|
|
|
|
can_exec(spamc_t, spamc_exec_t)
|
|
|
|
manage_dirs_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)
|
|
manage_files_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)
|
|
files_tmp_filetrans(spamc_t, spamc_tmp_t, { file dir })
|
|
|
|
manage_dirs_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
|
manage_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
|
manage_lnk_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
|
manage_fifo_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
|
manage_sock_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
|
userdom_user_home_dir_filetrans(spamc_t, spamc_home_t, { dir file lnk_file sock_file fifo_file })
|
|
userdom_append_user_home_content_files(spamc_t)
|
|
|
|
list_dirs_pattern(spamc_t, spamd_var_lib_t, spamd_var_lib_t)
|
|
read_files_pattern(spamc_t, spamd_var_lib_t, spamd_var_lib_t)
|
|
|
|
# Allow connecting to a local spamd
|
|
allow spamc_t spamd_t:unix_stream_socket connectto;
|
|
allow spamc_t spamd_tmp_t:sock_file rw_sock_file_perms;
|
|
spamd_stream_connect(spamc_t)
|
|
|
|
kernel_read_kernel_sysctls(spamc_t)
|
|
kernel_read_system_state(spamc_t)
|
|
|
|
corenet_all_recvfrom_unlabeled(spamc_t)
|
|
corenet_all_recvfrom_netlabel(spamc_t)
|
|
corenet_tcp_sendrecv_generic_if(spamc_t)
|
|
corenet_udp_sendrecv_generic_if(spamc_t)
|
|
corenet_tcp_sendrecv_generic_node(spamc_t)
|
|
corenet_udp_sendrecv_generic_node(spamc_t)
|
|
corenet_tcp_sendrecv_all_ports(spamc_t)
|
|
corenet_udp_sendrecv_all_ports(spamc_t)
|
|
corenet_tcp_connect_all_ports(spamc_t)
|
|
corenet_sendrecv_all_client_packets(spamc_t)
|
|
corenet_tcp_connect_spamd_port(spamc_t)
|
|
|
|
fs_search_auto_mountpoints(spamc_t)
|
|
|
|
# cjp: these should probably be removed:
|
|
corecmd_list_bin(spamc_t)
|
|
corecmd_read_bin_symlinks(spamc_t)
|
|
corecmd_read_bin_files(spamc_t)
|
|
corecmd_read_bin_pipes(spamc_t)
|
|
corecmd_read_bin_sockets(spamc_t)
|
|
|
|
domain_use_interactive_fds(spamc_t)
|
|
|
|
files_read_etc_files(spamc_t)
|
|
files_read_etc_runtime_files(spamc_t)
|
|
files_read_usr_files(spamc_t)
|
|
files_dontaudit_search_var(spamc_t)
|
|
# cjp: this may be removable:
|
|
files_list_home(spamc_t)
|
|
files_list_var_lib(spamc_t)
|
|
|
|
fs_search_auto_mountpoints(spamc_t)
|
|
|
|
logging_send_syslog_msg(spamc_t)
|
|
|
|
auth_use_nsswitch(spamc_t)
|
|
|
|
miscfiles_read_localization(spamc_t)
|
|
|
|
# cjp: this should probably be removed:
|
|
seutil_read_config(spamc_t)
|
|
|
|
sysnet_read_config(spamc_t)
|
|
|
|
tunable_policy(`use_nfs_home_dirs',`
|
|
fs_manage_nfs_dirs(spamc_t)
|
|
fs_manage_nfs_files(spamc_t)
|
|
fs_manage_nfs_symlinks(spamc_t)
|
|
')
|
|
|
|
tunable_policy(`use_samba_home_dirs',`
|
|
fs_manage_cifs_dirs(spamc_t)
|
|
fs_manage_cifs_files(spamc_t)
|
|
fs_manage_cifs_symlinks(spamc_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
# Allow connection to spamd socket above
|
|
evolution_stream_connect(spamc_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
milter_manage_spamass_state(spamc_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
postfix_domtrans_postdrop(spamc_t)
|
|
postfix_search_spool(spamc_t)
|
|
postfix_rw_local_pipes(spamc_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
mta_send_mail(spamc_t)
|
|
mta_read_config(spamc_t)
|
|
mta_read_queue(spamc_t)
|
|
sendmail_stub(spamc_t)
|
|
sendmail_rw_pipes(spamc_t)
|
|
sendmail_dontaudit_rw_tcp_sockets(spamc_t)
|
|
')
|
|
|
|
########################################
|
|
#
|
|
# Server local policy
|
|
#
|
|
|
|
# Spamassassin, when run as root and using per-user config files,
|
|
# setuids to the user running spamc. Comment this if you are not
|
|
# using this ability.
|
|
|
|
allow spamd_t self:capability { kill setuid setgid dac_override sys_tty_config };
|
|
dontaudit spamd_t self:capability sys_tty_config;
|
|
allow spamd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
|
allow spamd_t self:fd use;
|
|
allow spamd_t self:fifo_file rw_fifo_file_perms;
|
|
allow spamd_t self:sock_file read_sock_file_perms;
|
|
allow spamd_t self:shm create_shm_perms;
|
|
allow spamd_t self:sem create_sem_perms;
|
|
allow spamd_t self:msgq create_msgq_perms;
|
|
allow spamd_t self:msg { send receive };
|
|
allow spamd_t self:unix_dgram_socket create_socket_perms;
|
|
allow spamd_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow spamd_t self:unix_dgram_socket sendto;
|
|
allow spamd_t self:unix_stream_socket connectto;
|
|
allow spamd_t self:tcp_socket create_stream_socket_perms;
|
|
allow spamd_t self:udp_socket create_socket_perms;
|
|
|
|
can_exec(spamd_t, spamd_compiled_t)
|
|
manage_dirs_pattern(spamd_t, spamd_compiled_t, spamd_compiled_t)
|
|
manage_files_pattern(spamd_t, spamd_compiled_t, spamd_compiled_t)
|
|
|
|
manage_files_pattern(spamd_t, spamd_log_t, spamd_log_t)
|
|
logging_log_filetrans(spamd_t, spamd_log_t, file)
|
|
|
|
manage_dirs_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
|
|
manage_files_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
|
|
manage_sock_files_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
|
|
files_spool_filetrans(spamd_t, spamd_spool_t, { file dir })
|
|
|
|
manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
|
|
manage_files_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
|
|
files_tmp_filetrans(spamd_t, spamd_tmp_t, { file dir })
|
|
|
|
# var/lib files for spamd
|
|
allow spamd_t spamd_var_lib_t:dir list_dir_perms;
|
|
manage_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t)
|
|
manage_lnk_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t)
|
|
|
|
manage_dirs_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
|
|
manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
|
|
manage_sock_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
|
|
files_pid_filetrans(spamd_t, spamd_var_run_t, { file dir })
|
|
|
|
can_exec(spamd_t, spamd_exec_t)
|
|
|
|
kernel_read_all_sysctls(spamd_t)
|
|
kernel_read_system_state(spamd_t)
|
|
|
|
corenet_all_recvfrom_unlabeled(spamd_t)
|
|
corenet_all_recvfrom_netlabel(spamd_t)
|
|
corenet_tcp_sendrecv_generic_if(spamd_t)
|
|
corenet_udp_sendrecv_generic_if(spamd_t)
|
|
corenet_tcp_sendrecv_generic_node(spamd_t)
|
|
corenet_udp_sendrecv_generic_node(spamd_t)
|
|
corenet_tcp_sendrecv_all_ports(spamd_t)
|
|
corenet_udp_sendrecv_all_ports(spamd_t)
|
|
corenet_tcp_bind_generic_node(spamd_t)
|
|
corenet_tcp_bind_spamd_port(spamd_t)
|
|
corenet_tcp_connect_razor_port(spamd_t)
|
|
corenet_tcp_connect_smtp_port(spamd_t)
|
|
corenet_sendrecv_razor_client_packets(spamd_t)
|
|
corenet_sendrecv_spamd_server_packets(spamd_t)
|
|
# spamassassin 3.1 needs this for its
|
|
# DnsResolver.pm module which binds to
|
|
# random ports >= 1024.
|
|
corenet_udp_bind_generic_node(spamd_t)
|
|
corenet_udp_bind_generic_port(spamd_t)
|
|
corenet_udp_bind_imaze_port(spamd_t)
|
|
corenet_dontaudit_udp_bind_all_ports(spamd_t)
|
|
corenet_sendrecv_imaze_server_packets(spamd_t)
|
|
corenet_sendrecv_generic_server_packets(spamd_t)
|
|
|
|
dev_read_sysfs(spamd_t)
|
|
dev_read_urand(spamd_t)
|
|
|
|
fs_getattr_all_fs(spamd_t)
|
|
fs_search_auto_mountpoints(spamd_t)
|
|
|
|
auth_dontaudit_read_shadow(spamd_t)
|
|
|
|
corecmd_exec_bin(spamd_t)
|
|
|
|
domain_use_interactive_fds(spamd_t)
|
|
|
|
files_read_usr_files(spamd_t)
|
|
files_read_etc_files(spamd_t)
|
|
files_read_etc_runtime_files(spamd_t)
|
|
# /var/lib/spamassin
|
|
files_read_var_lib_files(spamd_t)
|
|
|
|
init_dontaudit_rw_utmp(spamd_t)
|
|
|
|
auth_use_nsswitch(spamd_t)
|
|
|
|
logging_send_syslog_msg(spamd_t)
|
|
|
|
miscfiles_read_localization(spamd_t)
|
|
|
|
userdom_use_unpriv_users_fds(spamd_t)
|
|
userdom_search_user_home_dirs(spamd_t)
|
|
|
|
optional_policy(`
|
|
exim_manage_spool_dirs(spamd_t)
|
|
exim_manage_spool_files(spamd_t)
|
|
')
|
|
|
|
tunable_policy(`use_nfs_home_dirs',`
|
|
fs_manage_nfs_dirs(spamd_t)
|
|
fs_manage_nfs_files(spamd_t)
|
|
')
|
|
|
|
tunable_policy(`use_samba_home_dirs',`
|
|
fs_manage_cifs_dirs(spamd_t)
|
|
fs_manage_cifs_files(spamd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
amavis_manage_lib_files(spamd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
cron_system_entry(spamd_t, spamd_exec_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
daemontools_service_domain(spamd_t, spamd_exec_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
dcc_domtrans_cdcc(spamd_t)
|
|
dcc_domtrans_client(spamd_t)
|
|
dcc_signal_client(spamd_t)
|
|
dcc_stream_connect_dccifd(spamd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
milter_manage_spamass_state(spamd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
mysql_tcp_connect(spamd_t)
|
|
mysql_search_db(spamd_t)
|
|
mysql_stream_connect(spamd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
postfix_read_config(spamd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
postgresql_tcp_connect(spamd_t)
|
|
postgresql_stream_connect(spamd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
pyzor_domtrans(spamd_t)
|
|
pyzor_signal(spamd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
razor_domtrans(spamd_t)
|
|
razor_read_lib_files(spamd_t)
|
|
tunable_policy(`spamd_enable_home_dirs',`
|
|
razor_manage_user_home_files(spamd_t)
|
|
')
|
|
')
|
|
|
|
optional_policy(`
|
|
seutil_sigchld_newrole(spamd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
sendmail_stub(spamd_t)
|
|
mta_read_config(spamd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
udev_read_db(spamd_t)
|
|
')
|