45 lines
984 B
Plaintext
45 lines
984 B
Plaintext
## <summary>Cyrus is an IMAP service intended to be run on sealed servers</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow caller to create, read, write,
|
|
## and delete cyrus data files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`cyrus_manage_data',`
|
|
gen_require(`
|
|
type cyrus_var_lib_t;
|
|
')
|
|
|
|
files_search_var_lib($1)
|
|
allow $1 cyrus_var_lib_t:dir rw_dir_perms;
|
|
allow $1 cyrus_var_lib_t:file manage_file_perms;
|
|
')
|
|
|
|
|
|
########################################
|
|
## <summary>
|
|
## Connect to Cyrus using a unix domain stream socket.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`cyrus_stream_connect',`
|
|
gen_require(`
|
|
type cyrus_t, cyrus_var_lib_t;
|
|
')
|
|
|
|
files_search_var_lib($1)
|
|
allow $1 cyrus_var_lib_t:dir search;
|
|
allow $1 cyrus_var_lib_t:sock_file write;
|
|
allow $1 cyrus_t:unix_stream_socket connectto;
|
|
')
|