selinux-policy/policy/modules/services/pyzor.if
2008-11-05 16:10:46 +00:00

91 lines
1.7 KiB
Plaintext

## <summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>
########################################
## <summary>
## Role access for pyzor
## </summary>
## <param name="role">
## <summary>
## Role allowed access
## </summary>
## </param>
## <param name="domain">
## <summary>
## User domain for the role
## </summary>
## </param>
#
interface(`pyzor_role',`
gen_require(`
type pyzor_t, pyzor_exec_t;
type pyzor_home_t, pyzor_var_lib_t, pyzor_tmp_t;
')
role $1 types pyzor_t;
# Transition from the user domain to the derived domain.
domtrans_pattern($2, pyzor_exec_t, pyzor_t)
# allow ps to show pyzor and allow the user to kill it
ps_process_pattern($2, pyzor_t)
allow $2 pyzor_t:process signal;
')
########################################
## <summary>
## Send generic signals to pyzor
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`pyzor_signal',`
gen_require(`
type pyzor_t;
')
allow $1 pyzor_t:process signal;
')
########################################
## <summary>
## Execute pyzor with a domain transition.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`pyzor_domtrans',`
gen_require(`
type pyzor_exec_t, pyzor_t;
')
files_search_usr($1)
corecmd_search_bin($1)
domtrans_pattern($1, pyzor_exec_t, pyzor_t)
')
########################################
## <summary>
## Execute pyzor in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`pyzor_exec',`
gen_require(`
type pyzor_exec_t;
')
files_search_usr($1)
corecmd_search_bin($1)
can_exec($1, pyzor_exec_t)
')