#
# Pyzor - Pyzor is a collaborative, networked system to detect and
# block spam using identifying digests of messages.
#
# Author: David Hampton <hampton@employees.org>
#

# NOTE: This policy is based upon the FC3 pyzor rpm from ATrpms.
# Pyzor normally dumps everything into $HOME/.pyzor. By adding the
# following line to the spamassassin config file:
#
# pyzor_options --homedir /etc/pyzor
#
# the various files will be put into appropriate directories
# (i.e. the log file into /var/log, etc.). This policy will work
# either way.

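##########
# pyzor daemon
##########
# pyzord_t is the confined domain for the pyzor server. The macros used
# in this section are defined elsewhere in the policy tree; notes on
# them describe what their names and arguments suggest and should be
# checked against the macro definitions.

# Declare the daemon domain. The quoted second argument is extra text
# for the type declaration, here the privlog and nscd_client_domain
# attributes (presumably appended to the attribute list - confirm).
daemon_domain(pyzord, `, privlog, nscd_client_domain')
# Rules common to the daemon and the client.
pyzor_base_domain(pyzord)
# Network side: this is the only name_bind rule written out in this
# file. It lets the daemon bind a UDP socket to a port labelled
# pyzor_port_t. The port labelling itself is not part of this file.
allow pyzord_t pyzor_port_t:udp_socket name_bind;
# NOTE(review): presumably gives pyzord_t access to the pyzor files in
# the sysadm home directory (the $HOME/.pyzor layout) - confirm against
# the macro, since it widens what the daemon can touch.
home_domain_access(pyzord_t, sysadm, pyzor)
# Presumably declares the log file type for the daemon - confirm.
log_domain(pyzord)

# Read shared daemon/client config file
r_dir_file(pyzord_t, pyzor_etc_t)

# Write shared daemon/client data dir
# search on var_lib_t grants directory lookup only, so the daemon can
# traverse to its own data directory without reading or writing other
# content labelled var_lib_t.
allow pyzord_t var_lib_t:dir search;
create_dir_file(pyzord_t, pyzor_var_lib_t)
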
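##########
# Pyzor query application - from system_r applications
##########
# pyzor_t is the domain of the pyzor client; the role statement below
# authorizes it for system_r.
# NOTE(review): pyzor_t carries the daemon attribute although it is the
# client - confirm that this is intended and not carried over from a
# daemon declaration.
type pyzor_t, domain, privlog, daemon;
# Label for the pyzor executable. The spamd transition rule later in
# this file keys on this type, so only files that really are the pyzor
# client should carry it.
type pyzor_exec_t, file_type, sysadmfile, exec_type;
role system_r types pyzor_t;

# Rules common to the daemon and the client (macro defined elsewhere).
pyzor_base_domain(pyzor)

# System config/data files
# Presumably these declare pyzor_etc_t and pyzor_var_lib_t, the types
# the daemon rules in this file refer to - confirm against the macros.
etcdir_domain(pyzor)
var_lib_domain(pyzor)
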
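##########
# Integration with spam filters
##########

#
# Some spam filters execute the pyzor code directly. Allow them access here.
#
# The rules are emitted only when the m4 symbol spamd.te is defined,
# presumably when the spamd policy is part of the build - confirm.
# Comments inside the quoted block must not contain m4 quote characters.
ifdef(`spamd.te',`
# When spamd_t runs a file labelled pyzor_exec_t the new process enters
# pyzor_t, so pyzor runs under its own rules and not those of spamd_t.
domain_auto_trans(spamd_t, pyzor_exec_t, pyzor_t);
# pyzor needs access to the email spamassassin is checking
# The message is untrusted input. The access granted is r_file_perms,
# read-only, and no write access to spamd_tmp_t is given here.
allow pyzor_t spamd_tmp_t:file r_file_perms;
')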