2528a2d701
Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible.
81 lines
1.8 KiB
Plaintext
81 lines
1.8 KiB
Plaintext
## <summary>Postfix grey-listing server</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write to postgrey socket
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`postgrey_stream_connect',`
|
|
gen_require(`
|
|
type postgrey_var_run_t, postgrey_t, postgrey_spool_t;
|
|
')
|
|
|
|
stream_connect_pattern($1, postgrey_var_run_t, postgrey_var_run_t, postgrey_t)
|
|
stream_connect_pattern($1, postgrey_spool_t, postgrey_spool_t, postgrey_t)
|
|
files_search_pids($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search the spool directory
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`postgrey_search_spool',`
|
|
gen_require(`
|
|
type postgrey_spool_t;
|
|
')
|
|
|
|
allow $1 postgrey_spool_t:dir search_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to administrate
|
|
## an postgrey environment
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## The role to be allowed to manage the postgrey domain.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`postgrey_admin',`
|
|
gen_require(`
|
|
type postgrey_t, postgrey_etc_t, postgrey_initrc_exec_t;
|
|
type postgrey_var_lib_t, postgrey_var_run_t;
|
|
')
|
|
|
|
allow $1 postgrey_t:process { ptrace signal_perms };
|
|
ps_process_pattern($1, postgrey_t)
|
|
|
|
init_labeled_script_domtrans($1, postgrey_initrc_exec_t)
|
|
domain_system_change_exemption($1)
|
|
role_transition $2 postgrey_initrc_exec_t system_r;
|
|
allow $2 system_r;
|
|
|
|
files_list_etc($1)
|
|
admin_pattern($1, postgrey_etc_t)
|
|
|
|
files_list_var_lib($1)
|
|
admin_pattern($1, postgrey_var_lib_t)
|
|
|
|
files_list_pids($1)
|
|
admin_pattern($1, postgrey_var_run_t)
|
|
')
|