## Courier IMAP and POP3 email servers. ####################################### ## ## The template to define a courier domain. ## ## ## ## Domain prefix to be used. ## ## # template(`courier_domain_template',` gen_require(` attribute courier_domain; ') ######################################## # # Declarations # type courier_$1_t, courier_domain; type courier_$1_exec_t; init_daemon_domain(courier_$1_t, courier_$1_exec_t) ######################################## # # Policy # can_exec(courier_$1_t, courier_$1_exec_t) ') ######################################## ## ## Execute the courier authentication ## daemon with a domain transition. ## ## ## ## Domain allowed to transition. ## ## # interface(`courier_domtrans_authdaemon',` gen_require(` type courier_authdaemon_t, courier_authdaemon_exec_t; ') corecmd_search_bin($1) domtrans_pattern($1, courier_authdaemon_exec_t, courier_authdaemon_t) ') ####################################### ## ## Connect to courier-authdaemon over ## a unix stream socket. ## ## ## ## Domain allowed access. ## ## # interface(`courier_stream_connect_authdaemon',` gen_require(` type courier_authdaemon_t, courier_runtime_t; ') files_search_spool($1) stream_connect_pattern($1, courier_runtime_t, courier_runtime_t, courier_authdaemon_t) ') ######################################## ## ## Execute the courier POP3 and IMAP ## server with a domain transition. ## ## ## ## Domain allowed to transition. ## ## # interface(`courier_domtrans_pop',` gen_require(` type courier_pop_t, courier_pop_exec_t; ') corecmd_search_bin($1) domtrans_pattern($1, courier_pop_exec_t, courier_pop_t) ') ######################################## ## ## Read courier config files. ## ## ## ## Domain allowed access. ## ## # interface(`courier_read_config',` gen_require(` type courier_etc_t; ') files_search_etc($1) read_files_pattern($1, courier_etc_t, courier_etc_t) ') ######################################## ## ## Create, read, write, and delete courier ## spool directories. ## ## ## ## Domain allowed access. ## ## # interface(`courier_manage_spool_dirs',` gen_require(` type courier_spool_t; ') files_search_var($1) manage_dirs_pattern($1, courier_spool_t, courier_spool_t) ') ######################################## ## ## Create, read, write, and delete courier ## spool files. ## ## ## ## Domain allowed access. ## ## # interface(`courier_manage_spool_files',` gen_require(` type courier_spool_t; ') files_search_var($1) manage_files_pattern($1, courier_spool_t, courier_spool_t) ') ######################################## ## ## Read courier spool files. ## ## ## ## Domain allowed access. ## ## # interface(`courier_read_spool',` gen_require(` type courier_spool_t; ') files_search_var($1) read_files_pattern($1, courier_spool_t, courier_spool_t) ') ######################################## ## ## Read and write courier spool pipes. ## ## ## ## Domain allowed access. ## ## # interface(`courier_rw_spool_pipes',` gen_require(` type courier_spool_t; ') files_search_var($1) allow $1 courier_spool_t:fifo_file rw_fifo_file_perms; ')