selinux-refpolicy/strict/domains/program/unused/pyzor.te


#
# Pyzor - Pyzor is a collaborative, networked system to detect and
# block spam using identifying digests of messages.
#
# Author: David Hampton <hampton@employees.org>
#
# NOTE: This policy is based upon the FC3 pyzor rpm from ATrpms.
# Pyzor normally dumps everything into $HOME/.pyzor. By adding the
# following line to the spamassassin config file:
#
# pyzor_options --homedir /etc/pyzor
#
# the various files will be put into appropriate directories
# (i.e. the log file goes into /var/log, etc.). This policy will work
# either way.
##########
# pyzor daemon
#
# Confines the pyzord server. The macros used here are defined outside this
# file, so the notes on them describe only what their arguments show.
##########
# Declare the pyzord domain through the generic daemon macro. The quoted
# second argument passes two extra attributes: privlog and nscd_client_domain.
daemon_domain(pyzord, `, privlog, nscd_client_domain')
# Shared pyzor rules; the same macro is applied to the client domain in the
# query application section of this file.
pyzor_base_domain(pyzord)
# Let the daemon bind UDP sockets to ports labeled pyzor_port_t. Only
# name_bind on the udp_socket class is granted by this rule.
allow pyzord_t pyzor_port_t:udp_socket name_bind;
# Presumably grants access to pyzor files kept under a sysadm home directory
# (the $HOME/.pyzor layout described in the header).
# NOTE(review): only the sysadm role is named here; confirm against the macro
# definition which home types and permissions this expands to.
home_domain_access(pyzord_t, sysadm, pyzor)
# Log file type for the daemon. Presumably covers the /var/log placement
# mentioned in the header - confirm against the file contexts.
log_domain(pyzord)
# Read shared daemon/client config file
r_dir_file(pyzord_t, pyzor_etc_t)
# Write shared daemon/client data dir
# The allow rule grants only directory search on var_lib_t, which is what is
# needed to traverse into the pyzor data directory; by itself it grants
# nothing else on content labeled var_lib_t.
allow pyzord_t var_lib_t:dir search;
create_dir_file(pyzord_t, pyzor_var_lib_t)
##########
# Pyzor query application - from system_r applications
##########
# The client domain and its executable type are declared by hand rather than
# through the daemon macro used for pyzord.
# NOTE(review): pyzor_t is the query client yet carries the daemon attribute;
# confirm which rules key off that attribute and whether the client needs it.
type pyzor_t, domain, privlog, daemon;
type pyzor_exec_t, file_type, sysadmfile, exec_type;
# Authorize pyzor_t under system_r. This is the only role statement for
# pyzor_t visible in this section.
role system_r types pyzor_t;
# Same shared pyzor rules that the daemon domain receives.
pyzor_base_domain(pyzor)
# System config/data files
# Presumably where the pyzor_etc_t and pyzor_var_lib_t types referenced by
# the daemon rules are declared - confirm in the macro definitions.
etcdir_domain(pyzor)
var_lib_domain(pyzor)
##########
# spamd integration
##########
#
# Some spam filters execute the pyzor code directly. Allow them access here.
#
# The rules below are emitted only when the spamd.te symbol is defined at
# m4 time.
ifdef(`spamd.te',`
# Going by the macro arguments, executing a pyzor_exec_t file from spamd_t
# moves the process into pyzor_t, so pyzor runs under its own domain instead
# of staying in spamd_t.
domain_auto_trans(spamd_t, pyzor_exec_t, pyzor_t);
# pyzor needs access to the email spamassassin is checking
# Only the file class is covered, with the r_file_perms set (defined
# elsewhere; a read-only set by its name - confirm).
# NOTE(review): this applies to every file labeled spamd_tmp_t, not just the
# message being scanned.
allow pyzor_t spamd_tmp_t:file r_file_perms;
')