rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
9267e7053f
selinux-policy/policy/modules/services/exim.te
Dominick Grift 68ac47d8c5 Whitespace, newline and tab fixes. 
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-22 15:41:42 +02:00

212 lines
4.9 KiB
Plaintext
Raw Blame History

policy_module(exim, 1.5.0)
########################################
#
# Declarations
#
## <desc>
## <p>
## Allow exim to connect to databases (postgres, mysql)
## </p>
## </desc>
gen_tunable(exim_can_connect_db, false)
## <desc>
## <p>
## Allow exim to read unprivileged user files.
## </p>
## </desc>
gen_tunable(exim_read_user_files, false)
## <desc>
## <p>
## Allow exim to create, read, write, and delete
## unprivileged user files.
## </p>
## </desc>
gen_tunable(exim_manage_user_files, false)
type exim_t;
type exim_exec_t;
init_daemon_domain(exim_t, exim_exec_t)
mta_mailserver(exim_t, exim_exec_t)
mta_mailserver_user_agent(exim_t)
application_executable_file(exim_exec_t)
mta_agent_executable(exim_exec_t)
type exim_initrc_exec_t;
init_script_file(exim_initrc_exec_t)
type exim_log_t;
logging_log_file(exim_log_t)
type exim_spool_t;
files_type(exim_spool_t)
type exim_tmp_t;
files_tmp_file(exim_tmp_t)
type exim_var_run_t;
files_pid_file(exim_var_run_t)
########################################
#
# exim local policy
#
allow exim_t self:capability { chown dac_override dac_read_search fowner setuid setgid sys_resource };
allow exim_t self:process { setrlimit setpgid };
allow exim_t self:fifo_file rw_fifo_file_perms;
allow exim_t self:unix_stream_socket create_stream_socket_perms;
allow exim_t self:tcp_socket create_stream_socket_perms;
allow exim_t self:udp_socket create_socket_perms;
can_exec(exim_t, exim_exec_t)
manage_files_pattern(exim_t, exim_log_t, exim_log_t)
logging_log_filetrans(exim_t, exim_log_t, { file dir })
manage_dirs_pattern(exim_t, exim_spool_t, exim_spool_t)
manage_files_pattern(exim_t, exim_spool_t, exim_spool_t)
manage_sock_files_pattern(exim_t, exim_spool_t, exim_spool_t)
files_spool_filetrans(exim_t, exim_spool_t, { file dir sock_file })
manage_dirs_pattern(exim_t, exim_tmp_t, exim_tmp_t)
manage_files_pattern(exim_t, exim_tmp_t, exim_tmp_t)
files_tmp_filetrans(exim_t, exim_tmp_t, { file dir })
manage_dirs_pattern(exim_t, exim_var_run_t, exim_var_run_t)
manage_files_pattern(exim_t, exim_var_run_t, exim_var_run_t)
files_pid_filetrans(exim_t, exim_var_run_t, { file dir })
kernel_read_kernel_sysctls(exim_t)
kernel_read_network_state(exim_t)
kernel_dontaudit_read_system_state(exim_t)
corecmd_search_bin(exim_t)
corenet_all_recvfrom_unlabeled(exim_t)
corenet_all_recvfrom_netlabel(exim_t)
corenet_tcp_sendrecv_generic_if(exim_t)
corenet_udp_sendrecv_generic_if(exim_t)
corenet_tcp_sendrecv_generic_node(exim_t)
corenet_udp_sendrecv_generic_node(exim_t)
corenet_tcp_sendrecv_all_ports(exim_t)
corenet_tcp_bind_generic_node(exim_t)
corenet_tcp_bind_smtp_port(exim_t)
corenet_tcp_bind_amavisd_send_port(exim_t)
corenet_tcp_connect_auth_port(exim_t)
corenet_tcp_connect_smtp_port(exim_t)
corenet_tcp_connect_ldap_port(exim_t)
corenet_tcp_connect_inetd_child_port(exim_t)
# connect to spamassassin
corenet_tcp_connect_spamd_port(exim_t)
dev_read_rand(exim_t)
dev_read_urand(exim_t)
# Init script handling
domain_use_interactive_fds(exim_t)
files_search_usr(exim_t)
files_search_var(exim_t)
files_read_etc_files(exim_t)
files_read_etc_runtime_files(exim_t)
files_getattr_all_mountpoints(exim_t)
fs_getattr_xattr_fs(exim_t)
fs_list_inotifyfs(exim_t)
auth_use_nsswitch(exim_t)
logging_send_syslog_msg(exim_t)
miscfiles_read_localization(exim_t)
miscfiles_read_generic_certs(exim_t)
userdom_dontaudit_search_user_home_dirs(exim_t)
mta_read_aliases(exim_t)
mta_read_config(exim_t)
mta_manage_spool(exim_t)
mta_mailserver_delivery(exim_t)
tunable_policy(`exim_can_connect_db',`
corenet_tcp_connect_mysqld_port(exim_t)
corenet_sendrecv_mysqld_client_packets(exim_t)
corenet_tcp_connect_postgresql_port(exim_t)
corenet_sendrecv_postgresql_client_packets(exim_t)
')
tunable_policy(`exim_read_user_files',`
userdom_read_user_home_content_files(exim_t)
userdom_read_user_tmp_files(exim_t)
')
tunable_policy(`exim_manage_user_files',`
userdom_manage_user_home_content_dirs(exim_t)
userdom_read_user_tmp_files(exim_t)
userdom_write_user_tmp_files(exim_t)
')
optional_policy(`
clamav_domtrans_clamscan(exim_t)
clamav_stream_connect(exim_t)
')
optional_policy(`
cron_read_pipes(exim_t)
cron_rw_system_job_pipes(exim_t)
')
optional_policy(`
cyrus_stream_connect(exim_t)
')
optional_policy(`
kerberos_keytab_template(exim, exim_t)
')
optional_policy(`
mailman_read_data_files(exim_t)
mailman_domtrans(exim_t)
')
optional_policy(`
nagios_search_spool(exim_t)
')
optional_policy(`
tunable_policy(`exim_can_connect_db',`
mysql_stream_connect(exim_t)
')
')
optional_policy(`
tunable_policy(`exim_can_connect_db',`
postgresql_stream_connect(exim_t)
')
')
optional_policy(`
procmail_domtrans(exim_t)
procmail_read_home_files(exim_t)
')
optional_policy(`
sasl_connect(exim_t)
')
optional_policy(`
# https://bugzilla.redhat.com/show_bug.cgi?id=512710
# uses sendmail for outgoing mail and exim
# for incoming mail
sendmail_manage_tmp_files(exim_t)
')
optional_policy(`
spamassassin_exec(exim_t)
spamassassin_exec_client(exim_t)
')
Reference in New Issue View Git Blame Copy Permalink