0f7c400223
Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible.
54 lines
1.7 KiB
Plaintext
54 lines
1.7 KiB
Plaintext
policy_module(postfixpolicyd, 1.2.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type postfix_policyd_t;
|
|
type postfix_policyd_exec_t;
|
|
init_daemon_domain(postfix_policyd_t, postfix_policyd_exec_t)
|
|
|
|
type postfix_policyd_conf_t;
|
|
files_config_file(postfix_policyd_conf_t)
|
|
|
|
type postfix_policyd_initrc_exec_t;
|
|
init_script_file(postfix_policyd_initrc_exec_t)
|
|
|
|
type postfix_policyd_var_run_t;
|
|
files_pid_file(postfix_policyd_var_run_t)
|
|
|
|
########################################
|
|
#
|
|
# Local Policy
|
|
#
|
|
|
|
allow postfix_policyd_t self:capability { sys_resource sys_chroot setgid setuid };
|
|
allow postfix_policyd_t self:process setrlimit;
|
|
allow postfix_policyd_t self:tcp_socket create_stream_socket_perms;
|
|
allow postfix_policyd_t self:unix_dgram_socket create_socket_perms;
|
|
|
|
allow postfix_policyd_t postfix_policyd_conf_t:dir list_dir_perms;
|
|
allow postfix_policyd_t postfix_policyd_conf_t:file read_file_perms;
|
|
allow postfix_policyd_t postfix_policyd_conf_t:lnk_file read_lnk_file_perms;
|
|
|
|
manage_files_pattern(postfix_policyd_t, postfix_policyd_var_run_t, postfix_policyd_var_run_t)
|
|
files_pid_filetrans(postfix_policyd_t, postfix_policyd_var_run_t, file)
|
|
|
|
corenet_all_recvfrom_unlabeled(postfix_policyd_t)
|
|
corenet_tcp_sendrecv_generic_if(postfix_policyd_t)
|
|
corenet_tcp_sendrecv_generic_node(postfix_policyd_t)
|
|
corenet_tcp_sendrecv_all_ports(postfix_policyd_t)
|
|
corenet_tcp_bind_generic_node(postfix_policyd_t)
|
|
corenet_tcp_bind_postfix_policyd_port(postfix_policyd_t)
|
|
corenet_tcp_bind_mysqld_port(postfix_policyd_t)
|
|
|
|
files_read_etc_files(postfix_policyd_t)
|
|
files_read_usr_files(postfix_policyd_t)
|
|
|
|
logging_send_syslog_msg(postfix_policyd_t)
|
|
|
|
miscfiles_read_localization(postfix_policyd_t)
|
|
|
|
sysnet_dns_name_resolve(postfix_policyd_t)
|