selinux-policy/strict/domains/program/unused/razor.te
2005-09-12 21:40:56 +00:00

54 lines
1.4 KiB
Plaintext

#
# Razor - Vipul's Razor is a distributed, collaborative, spam
# detection and filtering network.
#
# Author: David Hampton <hampton@employees.org>
#
# NOTE: This policy will work with either the ATrpms provided config
# file in /etc/razor, or with the default of dumping everything into
# $HOME/.razor.
##########
# Razor query application - from system_r applictions
##########
type razor_t, domain, privlog, daemon;
type razor_exec_t, file_type, sysadmfile, exec_type;
role system_r types razor_t;
razor_base_domain(razor)
# Razor config file directory. When invoked as razor-admin, it can
# update files in this directory.
etcdir_domain(razor)
create_dir_file(razor_t, razor_etc_t);
# Shared razor files updated freuently
var_lib_domain(razor)
# Log files
log_domain(razor)
allow razor_t var_log_t:dir search;
ifdef(`logrotate.te', `
allow logrotate_t razor_log_t:file r_file_perms;
')
##########
##########
#
# Some spam filters executes the razor code directly. Allow them access here.
#
define(`razor_access',`
r_dir_file($1, razor_etc_t)
allow $1 var_log_t:dir search;
allow $1 razor_log_t:file ra_file_perms;
r_dir_file($1, razor_var_lib_t)
r_dir_file($1, sysadm_razor_home_t)
can_network_client_tcp($1, razor_port_t)
allow $1 razor_port_t:tcp_socket name_connect;
')
ifdef(`spamd.te', `razor_access(spamd_t)');
ifdef(`amavis.te', `razor_access(amavisd_t)');