selinux-policy/policy/modules/services/postgrey.if
Dominick Grift ddbd71a506 Search parent directory to be able to interact with targets content.
Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.

Search parent directory to be able to interact with targets content.
2010-09-21 13:49:59 +02:00

82 lines
1.8 KiB
Plaintext

## <summary>Postfix grey-listing server</summary>
########################################
## <summary>
## Write to postgrey socket
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`postgrey_stream_connect',`
gen_require(`
type postgrey_var_run_t, postgrey_t, postgrey_spool_t;
')
stream_connect_pattern($1, { postgrey_spool_t postgrey_var_run_t }, { postgrey_spool_t postgrey_var_run_t }, postgrey_t)
files_search_pids($1)
files_search_spool($1)
')
########################################
## <summary>
## Search the spool directory
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`postgrey_search_spool',`
gen_require(`
type postgrey_spool_t;
')
files_search_spool($1)
allow $1 postgrey_spool_t:dir search_dir_perms;
')
########################################
## <summary>
## All of the rules required to administrate
## an postgrey environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the postgrey domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`postgrey_admin',`
gen_require(`
type postgrey_t, postgrey_etc_t, postgrey_initrc_exec_t;
type postgrey_var_lib_t, postgrey_var_run_t;
')
allow $1 postgrey_t:process { ptrace signal_perms };
ps_process_pattern($1, postgrey_t)
init_labeled_script_domtrans($1, postgrey_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 postgrey_initrc_exec_t system_r;
allow $2 system_r;
files_list_etc($1)
admin_pattern($1, postgrey_etc_t)
files_list_var_lib($1)
admin_pattern($1, postgrey_var_lib_t)
files_list_pids($1)
admin_pattern($1, postgrey_var_run_t)
')