
Untitled

a guest
May 24th, 2015
  ; File-context specifications for dovecot. Each entry maps a path regex and an
  ; object class selector (file / any) to a security context; every context here
  ; uses system_u, object_r and the range systemlow-systemlow.
  1. (filecon "/etc/dovecot(/.*)?" any (system_u object_r dovecot_etc_t (systemlow systemlow)))
  ; Password databases get their own type. Among the allow rules visible in this
  ; listing, only dovecot_auth_t is granted read access to dovecot_passwd_t.
  2. (filecon "/etc/dovecot/passwd.*" any (system_u object_r dovecot_passwd_t (systemlow systemlow)))
  3. (filecon "/etc/dovecot\.conf.*" any (system_u object_r dovecot_etc_t (systemlow systemlow)))
  4. (filecon "/etc/dovecot\.passwd.*" any (system_u object_r dovecot_passwd_t (systemlow systemlow)))
  5. (filecon "/etc/pki/dovecot(/.*)?" any (system_u object_r dovecot_cert_t (systemlow systemlow)))
  6. (filecon "/etc/rc\.d/init\.d/dovecot" file (system_u object_r dovecot_initrc_exec_t (systemlow systemlow)))
  7. (filecon "/usr/sbin/dovecot" file (system_u object_r dovecot_exec_t (systemlow systemlow)))
  ; NOTE(review): the certs/ and private/ paths below share dovecot_cert_t, so a
  ; read grant on that type cannot separate certificates from what is presumably
  ; private-key material under private/ - confirm this is acceptable.
  8. (filecon "/usr/share/ssl/certs/dovecot\.pem" file (system_u object_r dovecot_cert_t (systemlow systemlow)))
  9. (filecon "/usr/share/ssl/private/dovecot\.pem" file (system_u object_r dovecot_cert_t (systemlow systemlow)))
  10. (filecon "/etc/ssl/dovecot(/.*)?" any (system_u object_r dovecot_cert_t (systemlow systemlow)))
  ; Helper binaries: auth/dovecot-auth map to dovecot_auth_exec_t, and
  ; deliver/dovecot-lda/deliver-lda map to dovecot_deliver_exec_t.
  11. (filecon "/usr/lib/dovecot/auth" file (system_u object_r dovecot_auth_exec_t (systemlow systemlow)))
  12. (filecon "/usr/lib/dovecot/deliver" file (system_u object_r dovecot_deliver_exec_t (systemlow systemlow)))
  13. (filecon "/usr/lib/dovecot/dovecot-auth" file (system_u object_r dovecot_auth_exec_t (systemlow systemlow)))
  14. (filecon "/usr/lib/dovecot/dovecot-lda" file (system_u object_r dovecot_deliver_exec_t (systemlow systemlow)))
  15. (filecon "/usr/libexec/dovecot/auth" file (system_u object_r dovecot_auth_exec_t (systemlow systemlow)))
  16. (filecon "/usr/libexec/dovecot/deliver" file (system_u object_r dovecot_deliver_exec_t (systemlow systemlow)))
  17. (filecon "/usr/libexec/dovecot/deliver-lda" file (system_u object_r dovecot_deliver_exec_t (systemlow systemlow)))
  18. (filecon "/usr/libexec/dovecot/dovecot-auth" file (system_u object_r dovecot_auth_exec_t (systemlow systemlow)))
  19. (filecon "/var/run/dovecot(-login)?(/.*)?" any (system_u object_r dovecot_var_run_t (systemlow systemlow)))
  ; NOTE(review): the '.' in "ssl-parameters.dat" is not escaped, so it matches any
  ; character; this path under /var/run is also labelled dovecot_var_lib_t rather
  ; than dovecot_var_run_t - confirm both are intended.
  20. (filecon "/var/run/dovecot/login/ssl-parameters.dat" file (system_u object_r dovecot_var_lib_t (systemlow systemlow)))
  21. (filecon "/var/lib/dovecot(/.*)?" any (system_u object_r dovecot_var_lib_t (systemlow systemlow)))
  22. (filecon "/var/log/dovecot(/.*)?" any (system_u object_r dovecot_var_log_t (systemlow systemlow)))
  23. (filecon "/var/log/dovecot\.log.*" any (system_u object_r dovecot_var_log_t (systemlow systemlow)))
  24. (filecon "/var/spool/dovecot(/.*)?" any (system_u object_r dovecot_spool_t (systemlow systemlow)))
  ; dovecot_domain groups the three process domains (dovecot_t, dovecot_auth_t,
  ; dovecot_deliver_t) so that shared rules can be written once against the attribute.
  25. (typeattribute dovecot_domain)
  26. (typeattributeset dovecot_domain (dovecot_t dovecot_auth_t dovecot_deliver_t ))
  ; Type declarations. Each declared type is also associated with object_r.
  27. (type dovecot_t)
  28. (roletype object_r dovecot_t)
  29. (type dovecot_exec_t)
  30. (roletype object_r dovecot_exec_t)
  31. (type dovecot_auth_t)
  32. (roletype object_r dovecot_auth_t)
  33. (type dovecot_auth_exec_t)
  34. (roletype object_r dovecot_auth_exec_t)
  35. (type dovecot_auth_tmp_t)
  36. (roletype object_r dovecot_auth_tmp_t)
  37. (type dovecot_cert_t)
  38. (roletype object_r dovecot_cert_t)
  39. (type dovecot_deliver_t)
  40. (roletype object_r dovecot_deliver_t)
  41. (type dovecot_deliver_exec_t)
  42. (roletype object_r dovecot_deliver_exec_t)
  43. (type dovecot_deliver_tmp_t)
  44. (roletype object_r dovecot_deliver_tmp_t)
  45. (type dovecot_etc_t)
  46. (roletype object_r dovecot_etc_t)
  47. (type dovecot_initrc_exec_t)
  48. (roletype object_r dovecot_initrc_exec_t)
  ; NOTE(review): no filecon entry at the top of this listing assigns
  ; dovecot_keytab_t to a path - presumably it is labelled elsewhere; confirm.
  49. (type dovecot_keytab_t)
  50. (roletype object_r dovecot_keytab_t)
  51. (type dovecot_passwd_t)
  52. (roletype object_r dovecot_passwd_t)
  53. (type dovecot_spool_t)
  54. (roletype object_r dovecot_spool_t)
  55. (type dovecot_tmp_t)
  56. (roletype object_r dovecot_tmp_t)
  57. (type dovecot_var_lib_t)
  58. (roletype object_r dovecot_var_lib_t)
  59. (type dovecot_var_log_t)
  60. (roletype object_r dovecot_var_log_t)
  61. (type dovecot_var_run_t)
  62. (roletype object_r dovecot_var_run_t)
  ; Role association, required symbols and attribute membership.
  ; The cil_gen_require entries look like markers recording that the named symbol
  ; is declared outside this module - presumably emitted by the tool that
  ; generated this CIL; TODO confirm against the toolchain used.
  63. (roleattributeset cil_gen_require system_r)
  ; Only the three process domains are associated with system_r.
  64. (roletype system_r dovecot_t)
  65. (roletype system_r dovecot_auth_t)
  66. (roletype system_r dovecot_deliver_t)
  67. (typeattributeset cil_gen_require initrc_t)
  68. (typeattributeset cil_gen_require daemon)
  ; Of the three domains, only dovecot_t is added to the daemon attribute.
  69. (typeattributeset daemon (dovecot_t ))
  70. (typeattributeset cil_gen_require domain)
  71. (typeattributeset domain (dovecot_t dovecot_auth_t dovecot_deliver_t ))
  72. (typeattributeset cil_gen_require init_t)
  73. (typeattributeset cil_gen_require sysfs_t)
  74. (typeattributeset cil_gen_require selinux_config_t)
  ; All four executable types are both entry_type and exec_type.
  75. (typeattributeset cil_gen_require entry_type)
  76. (typeattributeset entry_type (dovecot_exec_t dovecot_auth_exec_t dovecot_deliver_exec_t dovecot_initrc_exec_t ))
  77. (typeattributeset cil_gen_require exec_type)
  78. (typeattributeset exec_type (dovecot_exec_t dovecot_auth_exec_t dovecot_deliver_exec_t dovecot_initrc_exec_t ))
  ; NOTE(review): every dovecot file type - including dovecot_passwd_t,
  ; dovecot_keytab_t and dovecot_cert_t - is a member of file_type,
  ; non_security_file_type and non_auth_file_type. Any rule elsewhere in the
  ; loaded policy that grants access on those attributes therefore also covers
  ; these (presumably credential-bearing) types; those grants are not visible
  ; here and should be audited separately.
  79. (typeattributeset cil_gen_require file_type)
  80. (typeattributeset file_type (dovecot_exec_t dovecot_auth_exec_t dovecot_auth_tmp_t dovecot_cert_t dovecot_deliver_exec_t dovecot_deliver_tmp_t dovecot_etc_t dovecot_initrc_exec_t dovecot_keytab_t dovecot_passwd_t dovecot_spool_t dovecot_tmp_t dovecot_var_lib_t dovecot_var_log_t dovecot_var_run_t ))
  81. (typeattributeset cil_gen_require non_security_file_type)
  82. (typeattributeset non_security_file_type (dovecot_exec_t dovecot_auth_exec_t dovecot_auth_tmp_t dovecot_cert_t dovecot_deliver_exec_t dovecot_deliver_tmp_t dovecot_etc_t dovecot_initrc_exec_t dovecot_keytab_t dovecot_passwd_t dovecot_spool_t dovecot_tmp_t dovecot_var_lib_t dovecot_var_log_t dovecot_var_run_t ))
  83. (typeattributeset cil_gen_require non_auth_file_type)
  84. (typeattributeset non_auth_file_type (dovecot_exec_t dovecot_auth_exec_t dovecot_auth_tmp_t dovecot_cert_t dovecot_deliver_exec_t dovecot_deliver_tmp_t dovecot_etc_t dovecot_initrc_exec_t dovecot_keytab_t dovecot_passwd_t dovecot_spool_t dovecot_tmp_t dovecot_var_lib_t dovecot_var_log_t dovecot_var_run_t ))
  85. (typeattributeset cil_gen_require console_device_t)
  86. (typeattributeset cil_gen_require initrc_devpts_t)
  87. (typeattributeset cil_gen_require devpts_t)
  88. (typeattributeset cil_gen_require device_t)
  89. (typeattributeset cil_gen_require var_t)
  90. (typeattributeset cil_gen_require var_run_t)
  ; The three *_tmp_t types are members of both tmpfile and polymember.
  91. (typeattributeset cil_gen_require tmpfile)
  92. (typeattributeset tmpfile (dovecot_auth_tmp_t dovecot_deliver_tmp_t dovecot_tmp_t ))
  93. (typeattributeset cil_gen_require tmp_t)
  94. (typeattributeset cil_gen_require polymember)
  95. (typeattributeset polymember (dovecot_auth_tmp_t dovecot_deliver_tmp_t dovecot_tmp_t ))
  ; dovecot_cert_t joins cert_type; rules written against cert_type elsewhere
  ; (not shown) also apply to files carrying this label.
  96. (typeattributeset cil_gen_require cert_type)
  97. (typeattributeset cert_type (dovecot_cert_t ))
  98. (typeattributeset cil_gen_require configfile)
  99. (typeattributeset configfile (dovecot_etc_t ))
  100. (typeattributeset cil_gen_require init_script_file_type)
  101. (typeattributeset init_script_file_type (dovecot_initrc_exec_t ))
  102. (typeattributeset cil_gen_require init_run_all_scripts_domain)
  103. (typeattributeset cil_gen_require logfile)
  104. (typeattributeset logfile (dovecot_var_log_t ))
  105. (typeattributeset cil_gen_require tmpfs_t)
  106. (typeattributeset cil_gen_require pidfile)
  107. (typeattributeset pidfile (dovecot_var_run_t ))
  ; The remaining entries only mark external types and attributes that the
  ; rules in this listing reference.
  108. (typeattributeset cil_gen_require sysctl_type)
  109. (typeattributeset cil_gen_require proc_t)
  110. (typeattributeset cil_gen_require proc_net_t)
  111. (typeattributeset cil_gen_require bin_t)
  112. (typeattributeset cil_gen_require shell_exec_t)
  113. (typeattributeset cil_gen_require random_device_t)
  114. (typeattributeset cil_gen_require urandom_device_t)
  115. (typeattributeset cil_gen_require etc_t)
  116. (typeattributeset cil_gen_require etc_runtime_t)
  117. (typeattributeset cil_gen_require syslogd_t)
  118. (typeattributeset cil_gen_require syslogd_var_run_t)
  119. (typeattributeset cil_gen_require devlog_t)
  120. (typeattributeset cil_gen_require init_var_run_t)
  121. (typeattributeset cil_gen_require locale_t)
  122. (typeattributeset cil_gen_require usr_t)
  123. (typeattributeset cil_gen_require var_log_t)
  124. (typeattributeset cil_gen_require unlabeled_t)
  125. (typeattributeset cil_gen_require netlabel_peer_t)
  126. (typeattributeset cil_gen_require netif_t)
  127. (typeattributeset cil_gen_require node_t)
  128. (typeattributeset cil_gen_require port_type)
  129. (typeattributeset cil_gen_require mail_server_packet_t)
  130. (typeattributeset cil_gen_require mail_port_t)
  131. (typeattributeset cil_gen_require pop_server_packet_t)
  132. (typeattributeset cil_gen_require pop_port_t)
  133. (typeattributeset cil_gen_require sieve_server_packet_t)
  134. (typeattributeset cil_gen_require sieve_port_t)
  135. (typeattributeset cil_gen_require client_packet_type)
  136. (typeattributeset cil_gen_require postgresql_port_t)
  137. (typeattributeset cil_gen_require privfd)
  138. (typeattributeset cil_gen_require var_lib_t)
  139. (typeattributeset cil_gen_require var_spool_t)
  140. (typeattributeset cil_gen_require default_t)
  141. (typeattributeset cil_gen_require mountpoint)
  142. (typeattributeset cil_gen_require filesystem_type)
  143. (typeattributeset cil_gen_require autofs_t)
  144. (typeattributeset cil_gen_require inotifyfs_t)
  145. (typeattributeset cil_gen_require initrc_var_run_t)
  ; All three domains join nsswitch_domain; the rules attached to that attribute
  ; are defined outside this listing and widen each domain's effective access.
  146. (typeattributeset cil_gen_require nsswitch_domain)
  147. (typeattributeset nsswitch_domain (dovecot_t dovecot_auth_t dovecot_deliver_t ))
  148. (typeattributeset cil_gen_require cert_t)
  149. (typeattributeset cil_gen_require unpriv_userdomain)
  150. (typeattributeset cil_gen_require user_tty_device_t)
  151. (typeattributeset cil_gen_require user_devpts_t)
  152. (typeattributeset cil_gen_require nfs_t)
  153. (typeattributeset cil_gen_require cifs_t)
  154. (typeattributeset cil_gen_require chkpwd_t)
  155. (typeattributeset cil_gen_require chkpwd_exec_t)
  156. (typeattributeset cil_gen_require shadow_t)
  157. (typeattributeset cil_gen_require auth_cache_t)
  158. (typeattributeset cil_gen_require faillog_t)
  159. (typeattributeset cil_gen_require net_conf_t)
  160. (typeattributeset cil_gen_require ldap_port_t)
  161. (typeattributeset cil_gen_require ldap_client_packet_t)
  ; Entrypoints and domain transitions.
  ; dovecot_exec_t is the entrypoint into dovecot_t; when initrc_t executes it,
  ; the typetransition below makes dovecot_t the default domain of the new process.
  162. (allow dovecot_t dovecot_exec_t (file (entrypoint)))
  163. (allow dovecot_t dovecot_exec_t (file (ioctl read getattr lock execute open)))
  164. (allow initrc_t dovecot_exec_t (file (read getattr execute open)))
  165. (allow initrc_t dovecot_t (process (transition)))
  ; noatsecure, siginh and rlimitinh are not granted on this transition; this rule
  ; only keeps the resulting denials out of the audit log.
  166. (dontaudit initrc_t dovecot_t (process (noatsecure siginh rlimitinh)))
  167. (typetransition initrc_t dovecot_exec_t process dovecot_t)
  ; The new domain may use the descriptors and pipes inherited from initrc_t and
  ; signal it with SIGCHLD.
  168. (allow dovecot_t initrc_t (fd (use)))
  169. (allow dovecot_t initrc_t (fifo_file (ioctl read write getattr lock append open)))
  170. (allow dovecot_t initrc_t (process (sigchld)))
  171. (dontaudit dovecot_t init_t (fd (use)))
  172. (dontaudit dovecot_t console_device_t (chr_file (ioctl read write getattr lock append open)))
  ; Repeated or overlapping rules such as the three device_t dir rules below are
  ; redundant: allow rules are additive, so the widest permission set applies.
  173. (allow dovecot_t device_t (dir (getattr search open)))
  174. (allow dovecot_t device_t (dir (ioctl read getattr lock search open)))
  175. (allow dovecot_t device_t (dir (getattr search open)))
  176. (allow dovecot_t device_t (lnk_file (read getattr)))
  177. (allow dovecot_t devpts_t (dir (ioctl read getattr lock search open)))
  178. (allow dovecot_t initrc_devpts_t (chr_file (ioctl read write getattr lock append open)))
  ; Entrypoints for the two helper domains. No transition into dovecot_deliver_t
  ; appears in this part of the listing.
  179. (allow dovecot_auth_t dovecot_auth_exec_t (file (entrypoint)))
  180. (allow dovecot_auth_t dovecot_auth_exec_t (file (ioctl read getattr lock execute open)))
  181. (allow dovecot_deliver_t dovecot_deliver_exec_t (file (entrypoint)))
  182. (allow dovecot_deliver_t dovecot_deliver_exec_t (file (ioctl read getattr lock execute open)))
  ; The init script is an entrypoint into initrc_t; any domain carrying
  ; init_run_all_scripts_domain may execute it and transitions to initrc_t.
  183. (allow initrc_t dovecot_initrc_exec_t (file (entrypoint)))
  184. (allow initrc_t dovecot_initrc_exec_t (file (ioctl read getattr lock execute open)))
  185. (allow init_run_all_scripts_domain dovecot_initrc_exec_t (file (read getattr execute open)))
  186. (allow init_run_all_scripts_domain initrc_t (process (transition)))
  187. (dontaudit init_run_all_scripts_domain initrc_t (process (noatsecure siginh rlimitinh)))
  188. (typetransition init_run_all_scripts_domain dovecot_initrc_exec_t process initrc_t)
  189. (allow initrc_t init_run_all_scripts_domain (fd (use)))
  190. (allow initrc_t init_run_all_scripts_domain (fifo_file (ioctl read write getattr lock append open)))
  191. (allow initrc_t init_run_all_scripts_domain (process (sigchld)))
  ; Objects labelled dovecot_var_log_t may be associated with filesystems
  ; labelled tmp_t or tmpfs_t.
  192. (allow dovecot_var_log_t tmp_t (filesystem (associate)))
  193. (allow dovecot_var_log_t tmpfs_t (filesystem (associate)))
  ; Rules shared by every member of dovecot_domain (dovecot_t, dovecot_auth_t,
  ; dovecot_deliver_t). Anything granted here applies to all three domains.
  194. (allow dovecot_domain self (capability2 (block_suspend)))
  195. (allow dovecot_domain self (fifo_file (ioctl read write getattr lock append open)))
  ; Read-only access to dovecot configuration (dovecot_etc_t).
  196. (allow dovecot_domain dovecot_etc_t (dir (ioctl read getattr lock search open)))
  197. (allow dovecot_domain dovecot_etc_t (file (ioctl read getattr lock open)))
  198. (allow dovecot_domain dovecot_etc_t (lnk_file (read getattr)))
  ; Read-only access to sysctl_type and proc_t entries; proc_net_t is search-only.
  199. (allow dovecot_domain sysctl_type (dir (getattr search open)))
  200. (allow dovecot_domain proc_t (dir (getattr search open)))
  201. (allow dovecot_domain proc_net_t (dir (getattr search open)))
  202. (allow dovecot_domain sysctl_type (file (ioctl read getattr lock open)))
  203. (allow dovecot_domain proc_t (dir (getattr search open)))
  204. (allow dovecot_domain proc_net_t (dir (getattr search open)))
  205. (allow dovecot_domain sysctl_type (dir (ioctl read getattr lock search open)))
  206. (allow dovecot_domain proc_t (dir (getattr search open)))
  207. (allow dovecot_domain proc_t (file (ioctl read getattr lock open)))
  208. (allow dovecot_domain proc_t (dir (getattr search open)))
  209. (allow dovecot_domain proc_t (lnk_file (read getattr)))
  210. (allow dovecot_domain proc_t (dir (getattr search open)))
  211. (allow dovecot_domain proc_t (dir (ioctl read getattr lock search open)))
  212. (allow dovecot_domain bin_t (dir (getattr search open)))
  213. (allow dovecot_domain bin_t (lnk_file (read getattr)))
  214. (allow dovecot_domain bin_t (dir (getattr search open)))
  215. (allow dovecot_domain bin_t (dir (ioctl read getattr lock search open)))
  ; NOTE(review): execute_no_trans on bin_t (here) and shell_exec_t (rule 221)
  ; lets all three domains run generic binaries and shells inside their own
  ; domain, with that domain's full permission set. Confirm each domain needs
  ; this, since it widens what a compromised process can launch.
  216. (allow dovecot_domain bin_t (file (ioctl read getattr lock execute execute_no_trans open)))
  217. (allow dovecot_domain bin_t (dir (getattr search open)))
  218. (allow dovecot_domain bin_t (dir (ioctl read getattr lock search open)))
  219. (allow dovecot_domain bin_t (dir (getattr search open)))
  220. (allow dovecot_domain bin_t (lnk_file (read getattr)))
  221. (allow dovecot_domain shell_exec_t (file (ioctl read getattr lock execute execute_no_trans open)))
  ; Read-only access to sysfs_t.
  222. (allow dovecot_domain sysfs_t (dir (getattr search open)))
  223. (allow dovecot_domain sysfs_t (file (ioctl read getattr lock open)))
  224. (allow dovecot_domain sysfs_t (dir (getattr search open)))
  225. (allow dovecot_domain sysfs_t (lnk_file (read getattr)))
  226. (allow dovecot_domain sysfs_t (dir (getattr search open)))
  227. (allow dovecot_domain sysfs_t (dir (ioctl read getattr lock search open)))
  ; Read (not write) access to the random and urandom device nodes.
  228. (allow dovecot_domain device_t (dir (getattr search open)))
  229. (allow dovecot_domain random_device_t (chr_file (ioctl read getattr lock open)))
  230. (allow dovecot_domain device_t (dir (getattr search open)))
  231. (allow dovecot_domain urandom_device_t (chr_file (ioctl read getattr lock open)))
  ; etc_t directories may be listed; file read is granted only on etc_runtime_t here.
  232. (allow dovecot_domain etc_t (dir (ioctl read getattr lock search open)))
  233. (allow dovecot_domain etc_t (dir (getattr search open)))
  234. (allow dovecot_domain etc_runtime_t (file (ioctl read getattr lock open)))
  235. (allow dovecot_domain etc_t (dir (getattr search open)))
  236. (allow dovecot_domain etc_runtime_t (lnk_file (read getattr)))
  ; Logging path: write to the devlog_t socket file and talk to syslogd_t over
  ; unix datagram/stream sockets.
  237. (allow dovecot_domain devlog_t (sock_file (write getattr append open)))
  238. (allow dovecot_domain var_run_t (lnk_file (read getattr)))
  239. (allow dovecot_domain var_t (dir (getattr search open)))
  240. (allow dovecot_domain var_run_t (dir (getattr search open)))
  241. (allow dovecot_domain init_var_run_t (dir (getattr search open)))
  242. (allow dovecot_domain syslogd_var_run_t (dir (getattr search open)))
  243. (allow dovecot_domain syslogd_t (unix_dgram_socket (sendto)))
  244. (allow dovecot_domain syslogd_t (unix_stream_socket (connectto)))
  245. (allow dovecot_domain self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
  246. (allow dovecot_domain self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
  247. (allow dovecot_domain device_t (dir (getattr search open)))
  248. (allow dovecot_domain device_t (dir (ioctl read getattr lock search open)))
  249. (allow dovecot_domain device_t (dir (getattr search open)))
  250. (allow dovecot_domain device_t (lnk_file (read getattr)))
  ; Console: writing is allowed; reading is not granted and the denial is
  ; suppressed from the audit log by the dontaudit rule.
  251. (allow dovecot_domain console_device_t (chr_file (ioctl write getattr lock append open)))
  252. (dontaudit dovecot_domain console_device_t (chr_file (ioctl read getattr lock open)))
  253. (allow dovecot_domain etc_t (dir (getattr search open)))
  254. (allow dovecot_domain etc_t (lnk_file (read getattr)))
  ; Read-only access to locale data.
  255. (allow dovecot_domain usr_t (dir (getattr search open)))
  256. (allow dovecot_domain locale_t (dir (ioctl read getattr lock search open)))
  257. (allow dovecot_domain locale_t (dir (getattr search open)))
  258. (allow dovecot_domain locale_t (file (ioctl read getattr lock open)))
  259. (allow dovecot_domain locale_t (dir (getattr search open)))
  260. (allow dovecot_domain locale_t (lnk_file (read getattr)))
  ; Rules specific to dovecot_t.
  ; NOTE(review): dac_override and dac_read_search bypass discretionary file
  ; permission checks, so for this domain the type-enforcement rules in this
  ; policy are the effective file-access boundary. setuid/setgid/chown/sys_chroot
  ; are also granted; confirm each capability is still required.
  261. (allow dovecot_t self (capability (chown dac_override dac_read_search fsetid kill setgid setuid sys_chroot)))
  262. (dontaudit dovecot_t self (capability (sys_tty_config)))
  263. (allow dovecot_t self (process (sigchld sigkill sigstop signull signal setsched getcap setcap setrlimit)))
  264. (allow dovecot_t self (tcp_socket (listen accept)))
  265. (allow dovecot_t self (unix_stream_socket (listen accept connectto)))
  ; Certificates (dovecot_cert_t) and the keytab (dovecot_keytab_t) are read-only.
  266. (allow dovecot_t dovecot_cert_t (dir (ioctl read getattr lock search open)))
  267. (allow dovecot_t dovecot_cert_t (file (ioctl read getattr lock open)))
  268. (allow dovecot_t dovecot_cert_t (lnk_file (read getattr)))
  269. (allow dovecot_t dovecot_keytab_t (file (ioctl read getattr lock open)))
  ; Private temporary files: full management of dovecot_tmp_t; directories and
  ; files that dovecot_t creates in tmp_t are labelled dovecot_tmp_t.
  270. (allow dovecot_t dovecot_tmp_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  271. (allow dovecot_t dovecot_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  272. (allow dovecot_t dovecot_tmp_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  273. (allow dovecot_t dovecot_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  274. (allow dovecot_t tmp_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  275. (typetransition dovecot_t tmp_t dir dovecot_tmp_t)
  276. (typetransition dovecot_t tmp_t file dovecot_tmp_t)
  277. (allow dovecot_t dovecot_var_lib_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  278. (allow dovecot_t dovecot_var_lib_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  ; Logs: directories of type dovecot_var_log_t are fully manageable, but files
  ; get only create, append and setattr (plus getattr/ioctl/lock/open) - no read,
  ; write, unlink or rename on log files is granted by the rules below.
  279. (allow dovecot_t dovecot_var_log_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  280. (allow dovecot_t dovecot_var_log_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  281. (allow dovecot_t dovecot_var_log_t (dir (getattr search open)))
  282. (allow dovecot_t dovecot_var_log_t (file (ioctl getattr lock append open)))
  283. (allow dovecot_t dovecot_var_log_t (dir (ioctl write getattr lock add_name search open)))
  284. (allow dovecot_t dovecot_var_log_t (file (create getattr open)))
  285. (allow dovecot_t dovecot_var_log_t (dir (getattr search open)))
  286. (allow dovecot_t dovecot_var_log_t (file (setattr)))
  287. (allow dovecot_t var_t (dir (getattr search open)))
  288. (allow dovecot_t var_log_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  289. (typetransition dovecot_t var_log_t dir dovecot_var_log_t)
  290. (typetransition dovecot_t var_log_t file dovecot_var_log_t)
  ; Spool: full management of directories, files and symlinks of dovecot_spool_t.
  291. (allow dovecot_t dovecot_spool_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  292. (allow dovecot_t dovecot_spool_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  293. (allow dovecot_t dovecot_spool_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  294. (allow dovecot_t dovecot_spool_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  295. (allow dovecot_t dovecot_spool_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  296. (allow dovecot_t dovecot_spool_t (lnk_file (ioctl read write create getattr setattr lock unlink link rename)))
  ; Runtime state: full management of dovecot_var_run_t directories, files,
  ; symlinks, socket files and FIFOs; FIFOs, directories and files created in
  ; var_run_t are labelled dovecot_var_run_t.
  297. (allow dovecot_t dovecot_var_run_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  298. (allow dovecot_t dovecot_var_run_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  299. (allow dovecot_t dovecot_var_run_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  300. (allow dovecot_t dovecot_var_run_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  301. (allow dovecot_t dovecot_var_run_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  302. (allow dovecot_t dovecot_var_run_t (lnk_file (ioctl read write create getattr setattr lock unlink link rename)))
  303. (allow dovecot_t dovecot_var_run_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  304. (allow dovecot_t dovecot_var_run_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
  305. (allow dovecot_t dovecot_var_run_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  306. (allow dovecot_t dovecot_var_run_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
  307. (allow dovecot_t var_t (dir (getattr search open)))
  308. (allow dovecot_t var_run_t (lnk_file (read getattr)))
  309. (allow dovecot_t var_run_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  310. (typetransition dovecot_t var_run_t fifo_file dovecot_var_run_t)
  311. (typetransition dovecot_t var_run_t dir dovecot_var_run_t)
  312. (typetransition dovecot_t var_run_t file dovecot_var_run_t)
  ; dovecot_t may re-execute its own binary without leaving the domain.
  313. (allow dovecot_t dovecot_exec_t (file (ioctl read getattr lock execute execute_no_trans open)))
  ; Executing dovecot_auth_exec_t transitions dovecot_t into dovecot_auth_t; the
  ; child may use the parent's descriptors and pipes and send it SIGCHLD.
  314. (allow dovecot_t dovecot_auth_t (process (signal)))
  315. (allow dovecot_t dovecot_auth_exec_t (file (read getattr execute open)))
  316. (allow dovecot_t dovecot_auth_t (process (transition)))
  317. (dontaudit dovecot_t dovecot_auth_t (process (noatsecure siginh rlimitinh)))
  318. (typetransition dovecot_t dovecot_auth_exec_t process dovecot_auth_t)
  319. (allow dovecot_auth_t dovecot_t (fd (use)))
  320. (allow dovecot_auth_t dovecot_t (fifo_file (ioctl read write getattr lock append open)))
  321. (allow dovecot_auth_t dovecot_t (process (sigchld)))
  ; Network access. Traffic from unlabeled_t and netlabel_peer_t peers is accepted.
  322. (allow dovecot_t unlabeled_t (tcp_socket (recvfrom)))
  323. (allow dovecot_t unlabeled_t (udp_socket (recvfrom)))
  324. (allow dovecot_t unlabeled_t (rawip_socket (recvfrom)))
  325. (allow dovecot_t unlabeled_t (peer (recv)))
  326. (allow dovecot_t unlabeled_t (association (sendto recvfrom)))
  327. (allow dovecot_t netlabel_peer_t (peer (recv)))
  328. (allow dovecot_t netlabel_peer_t (tcp_socket (recvfrom)))
  329. (allow dovecot_t netlabel_peer_t (udp_socket (recvfrom)))
  330. (allow dovecot_t netlabel_peer_t (rawip_socket (recvfrom)))
  331. (allow dovecot_t netif_t (netif (tcp_recv tcp_send ingress egress)))
  332. (allow dovecot_t node_t (node (tcp_recv tcp_send recvfrom sendto)))
  333. (allow dovecot_t port_type (tcp_socket (recv_msg send_msg)))
  334. (allow dovecot_t node_t (tcp_socket (node_bind)))
  ; Listening is limited to mail_port_t, pop_port_t and sieve_port_t (name_bind).
  335. (allow dovecot_t mail_server_packet_t (packet (send)))
  336. (allow dovecot_t mail_server_packet_t (packet (recv)))
  337. (allow dovecot_t mail_port_t (tcp_socket (name_bind)))
  338. (allow dovecot_t pop_server_packet_t (packet (send)))
  339. (allow dovecot_t pop_server_packet_t (packet (recv)))
  340. (allow dovecot_t pop_port_t (tcp_socket (name_bind)))
  341. (allow dovecot_t self (capability (net_bind_service)))
  342. (allow dovecot_t sieve_server_packet_t (packet (send)))
  343. (allow dovecot_t sieve_server_packet_t (packet (recv)))
  344. (allow dovecot_t sieve_port_t (tcp_socket (name_bind)))
  345. (allow dovecot_t client_packet_type (packet (send)))
  346. (allow dovecot_t client_packet_type (packet (recv)))
  ; NOTE(review): name_connect on the port_type attribute permits outbound TCP
  ; connections to every port type, which makes the postgresql_port_t rule that
  ; follows redundant and leaves egress from dovecot_t unrestricted by this
  ; policy. Confirm the attribute-wide grant is required; otherwise list only
  ; the specific port types needed.
  347. (allow dovecot_t port_type (tcp_socket (name_connect)))
  348. (allow dovecot_t postgresql_port_t (tcp_socket (name_connect)))
  349. (allow dovecot_t privfd (fd (use)))
  350. (allow dovecot_t var_lib_t (dir (ioctl read getattr lock search open)))
  351. (allow dovecot_t var_t (dir (getattr search open)))
  352. (allow dovecot_t var_lib_t (dir (getattr search open)))
  353. (allow dovecot_t var_lib_t (file (ioctl read getattr lock open)))
  354. (allow dovecot_t var_t (dir (getattr search open)))
  355. (allow dovecot_t var_t (lnk_file (read getattr)))
  356. (allow dovecot_t var_t (dir (getattr search open)))
  357. (allow dovecot_t var_spool_t (dir (getattr search open)))
  ; NOTE(review): these dontaudit rules hide denied directory access on default_t
  ; and on every file_type from the audit log. When investigating this domain,
  ; dontaudit rules can be disabled temporarily (semodule -DB) so the denials
  ; become visible.
  358. (dontaudit dovecot_t default_t (dir (ioctl read getattr lock search open)))
  359. (dontaudit dovecot_t file_type (dir (getattr search open)))
  360. (allow dovecot_t mountpoint (dir (getattr search open)))
  361. (allow dovecot_t filesystem_type (filesystem (getattr)))
  362. (allow dovecot_t file_type (filesystem (getattr)))
  363. (allow dovecot_t filesystem_type (dir (getattr)))
  364. (allow dovecot_t autofs_t (dir (getattr search open)))
  365. (allow dovecot_t inotifyfs_t (dir (ioctl read getattr lock search open)))
  366. (allow dovecot_t initrc_var_run_t (file (getattr)))
  ; Read-only access to the generic certificate store (cert_t).
  367. (allow dovecot_t cert_t (dir (ioctl read getattr lock search open)))
  368. (allow dovecot_t cert_t (dir (getattr search open)))
  369. (allow dovecot_t cert_t (file (ioctl read getattr lock open)))
  370. (allow dovecot_t cert_t (dir (getattr search open)))
  371. (allow dovecot_t cert_t (lnk_file (read getattr)))
  372. (dontaudit dovecot_t unpriv_userdomain (fd (use)))
  ; NOTE(review): read/write on user_tty_device_t and user_devpts_t lets the
  ; daemon domain read from and write to user terminals - confirm this is needed.
  373. (allow dovecot_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
  374. (allow dovecot_t user_devpts_t (chr_file (ioctl read write getattr append open)))
  375. (allow dovecot_t device_t (dir (getattr search open)))
  376. (allow dovecot_t device_t (dir (ioctl read getattr lock search open)))
  377. (allow dovecot_t device_t (dir (getattr search open)))
  378. (allow dovecot_t device_t (lnk_file (read getattr)))
  379. (allow dovecot_t devpts_t (dir (ioctl read getattr lock search open)))
  380. (allow dovecot_auth_t self (capability (chown dac_override setgid setuid ipc_lock sys_nice)))
  381. (allow dovecot_auth_t self (process (sigchld sigkill sigstop signull signal getsched setsched getcap setcap)))
  382. (allow dovecot_auth_t self (unix_stream_socket (listen accept connectto)))
  383. (allow dovecot_auth_t dovecot_passwd_t (dir (getattr search open)))
  384. (allow dovecot_auth_t dovecot_passwd_t (file (ioctl read getattr lock open)))
  385. (allow dovecot_auth_t dovecot_auth_tmp_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  386. (allow dovecot_auth_t dovecot_auth_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  387. (allow dovecot_auth_t dovecot_auth_tmp_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  388. (allow dovecot_auth_t dovecot_auth_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  389. (allow dovecot_auth_t tmp_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  390. (typetransition dovecot_auth_t tmp_t dir dovecot_auth_tmp_t)
  391. (typetransition dovecot_auth_t tmp_t file dovecot_auth_tmp_t)
  392. (allow dovecot_auth_t dovecot_var_run_t (dir (ioctl read getattr lock search open)))
  393. (allow dovecot_auth_t dovecot_var_run_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  394. (allow dovecot_auth_t dovecot_var_run_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
  395. (allow dovecot_auth_t dovecot_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
  396. (allow dovecot_auth_t var_run_t (lnk_file (read getattr)))
  397. (allow dovecot_auth_t var_t (dir (getattr search open)))
  398. (allow dovecot_auth_t var_run_t (dir (getattr search open)))
  399. (allow dovecot_auth_t usr_t (dir (ioctl read getattr lock search open)))
  400. (allow dovecot_auth_t usr_t (dir (getattr search open)))
  401. (allow dovecot_auth_t usr_t (file (ioctl read getattr lock open)))
  402. (allow dovecot_auth_t usr_t (dir (getattr search open)))
  403. (allow dovecot_auth_t usr_t (lnk_file (read getattr)))
  404. (allow dovecot_auth_t var_lib_t (dir (ioctl read getattr lock search open)))
  405. (allow dovecot_auth_t var_t (dir (getattr search open)))
  406. (allow dovecot_auth_t var_lib_t (dir (getattr search open)))
  407. (allow dovecot_auth_t var_lib_t (file (ioctl read getattr lock open)))
  408. (allow dovecot_auth_t auth_cache_t (dir (getattr search open)))
  409. (allow dovecot_auth_t bin_t (dir (getattr search open)))
  410. (allow dovecot_auth_t bin_t (dir (getattr search open)))
  411. (allow dovecot_auth_t chkpwd_exec_t (file (read getattr execute open)))
  412. (allow dovecot_auth_t chkpwd_t (process (transition)))
  413. (dontaudit dovecot_auth_t chkpwd_t (process (noatsecure siginh rlimitinh)))
  414. (typetransition dovecot_auth_t chkpwd_exec_t process chkpwd_t)
  415. (allow chkpwd_t dovecot_auth_t (fd (use)))
  416. (allow chkpwd_t dovecot_auth_t (fifo_file (ioctl read write getattr lock append open)))
  417. (allow chkpwd_t dovecot_auth_t (process (sigchld)))
  418. (dontaudit dovecot_auth_t shadow_t (file (ioctl read getattr lock open)))
  419. (allow dovecot_auth_t device_t (dir (getattr search open)))
  420. (allow dovecot_auth_t random_device_t (chr_file (ioctl read getattr lock open)))
  421. (allow dovecot_auth_t device_t (dir (getattr search open)))
  422. (allow dovecot_auth_t urandom_device_t (chr_file (ioctl read getattr lock open)))
  423. (allow dovecot_auth_t var_t (dir (getattr search open)))
  424. (allow dovecot_auth_t var_log_t (dir (getattr search open)))
  425. (allow dovecot_auth_t faillog_t (file (ioctl read write getattr lock append open)))
  426. (allow dovecot_auth_t self (capability (audit_write)))
  427. (allow dovecot_auth_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
  428. (allow dovecot_auth_t cert_t (dir (ioctl read getattr lock search open)))
  429. (allow dovecot_auth_t cert_t (dir (getattr search open)))
  430. (allow dovecot_auth_t cert_t (file (ioctl read getattr lock open)))
  431. (allow dovecot_auth_t cert_t (dir (getattr search open)))
  432. (allow dovecot_auth_t cert_t (lnk_file (read getattr)))
  433. (allow dovecot_auth_t var_run_t (lnk_file (read getattr)))
  434. (allow dovecot_auth_t var_t (dir (getattr search open)))
  435. (allow dovecot_auth_t var_run_t (dir (ioctl read getattr lock search open)))
  436. (allow dovecot_auth_t initrc_var_run_t (file (ioctl read write getattr lock append open)))
  437. (allow dovecot_auth_t self (capability (audit_write)))
  438. (allow dovecot_auth_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
  439. (dontaudit dovecot_auth_t selinux_config_t (dir (getattr search open)))
  ; Outbound TCP for the auth process. The self tcp_socket permissions omit
  ; listen and accept, and the only name_connect in this run is to ldap_port_t.
  440. (allow dovecot_auth_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
  ; NOTE(review): these rules accept traffic from peers that carry no network
  ; label (unlabeled_t). On hosts that rely on labelled networking, confirm that
  ; is intended for a process handling credentials.
  441. (allow dovecot_auth_t unlabeled_t (tcp_socket (recvfrom)))
  442. (allow dovecot_auth_t unlabeled_t (udp_socket (recvfrom)))
  443. (allow dovecot_auth_t unlabeled_t (rawip_socket (recvfrom)))
  444. (allow dovecot_auth_t unlabeled_t (peer (recv)))
  445. (allow dovecot_auth_t unlabeled_t (association (sendto recvfrom)))
  446. (allow dovecot_auth_t netlabel_peer_t (peer (recv)))
  447. (allow dovecot_auth_t netlabel_peer_t (tcp_socket (recvfrom)))
  448. (allow dovecot_auth_t netlabel_peer_t (udp_socket (recvfrom)))
  449. (allow dovecot_auth_t netlabel_peer_t (rawip_socket (recvfrom)))
  ; TCP send/receive on interfaces and nodes of the generic netif_t / node_t types.
  450. (allow dovecot_auth_t netif_t (netif (tcp_recv tcp_send ingress egress)))
  451. (allow dovecot_auth_t node_t (node (tcp_recv tcp_send recvfrom sendto)))
  ; LDAP client: connect to ldap_port_t and exchange packets labelled ldap_client_packet_t.
  452. (allow dovecot_auth_t ldap_port_t (tcp_socket (recv_msg send_msg)))
  453. (allow dovecot_auth_t ldap_port_t (tcp_socket (name_connect)))
  454. (allow dovecot_auth_t ldap_client_packet_t (packet (send)))
  455. (allow dovecot_auth_t ldap_client_packet_t (packet (recv)))
  456. (allow dovecot_auth_t device_t (dir (getattr search open)))
  457. (allow dovecot_auth_t random_device_t (chr_file (ioctl read getattr lock open)))
  458. (allow dovecot_auth_t device_t (dir (getattr search open)))
  459. (allow dovecot_auth_t urandom_device_t (chr_file (ioctl read getattr lock open)))
  460. (allow dovecot_auth_t etc_t (dir (getattr search open)))
  461. (allow dovecot_auth_t net_conf_t (file (ioctl read getattr lock open)))
  ; Unconditional rules for the delivery agent domain (dovecot_deliver_t).
  ; Certificate directory: search only; no file read on dovecot_cert_t appears in this run.
  462. (allow dovecot_deliver_t dovecot_cert_t (dir (getattr search open)))
  ; Log files are append-only for this domain: no read, write, create or unlink.
  463. (allow dovecot_deliver_t dovecot_var_log_t (dir (getattr search open)))
  464. (allow dovecot_deliver_t dovecot_var_log_t (file (ioctl getattr lock append open)))
  ; Private temp files: full management of dovecot_deliver_tmp_t, and anything the
  ; domain creates in a tmp_t directory is labelled dovecot_deliver_tmp_t by the
  ; two typetransition rules below.
  465. (allow dovecot_deliver_t dovecot_deliver_tmp_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  466. (allow dovecot_deliver_t dovecot_deliver_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  467. (allow dovecot_deliver_t dovecot_deliver_tmp_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  468. (allow dovecot_deliver_t dovecot_deliver_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  469. (allow dovecot_deliver_t tmp_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  470. (typetransition dovecot_deliver_t tmp_t dir dovecot_deliver_tmp_t)
  471. (typetransition dovecot_deliver_t tmp_t file dovecot_deliver_tmp_t)
  ; Runtime directory: read files and connect to the unix stream sockets of the
  ; main daemon (dovecot_t) and the auth process (dovecot_auth_t).
  472. (allow dovecot_deliver_t dovecot_var_run_t (dir (ioctl read getattr lock search open)))
  473. (allow dovecot_deliver_t dovecot_var_run_t (file (ioctl read getattr lock open)))
  474. (allow dovecot_deliver_t dovecot_var_run_t (sock_file (read getattr open)))
  475. (allow dovecot_deliver_t dovecot_var_run_t (dir (getattr search open)))
  476. (allow dovecot_deliver_t dovecot_var_run_t (sock_file (write getattr append open)))
  477. (allow dovecot_deliver_t dovecot_t (unix_stream_socket (connectto)))
  478. (allow dovecot_deliver_t dovecot_auth_t (unix_stream_socket (connectto)))
  ; execute_no_trans: the agent may re-execute its own binary and stay in dovecot_deliver_t.
  479. (allow dovecot_deliver_t dovecot_deliver_exec_t (file (ioctl read getattr lock execute execute_no_trans open)))
  ; signull only checks that a dovecot_t process exists; no other signal is granted here.
  480. (allow dovecot_deliver_t dovecot_t (process (signull)))
  ; filesystem getattr against the filesystem_type and file_type attributes.
  481. (allow dovecot_deliver_t filesystem_type (filesystem (getattr)))
  482. (allow dovecot_deliver_t file_type (filesystem (getattr)))
  483. (allow dovecot_deliver_t var_t (dir (getattr search open)))
  484. (allow dovecot_deliver_t var_log_t (dir (getattr search open)))
  ; Applies only while the use_samba_home_dirs boolean is true; there is no
  ; false branch, so nothing is granted by this block when it is off.
  ; When on, both dovecot_t and dovecot_deliver_t may create, modify, rename and
  ; delete files, directories and symlinks labelled cifs_t.
  ; NOTE(review): CIFS mounts typically carry one label for every file, so this
  ; is presumably access to the whole share rather than to mail folders only —
  ; confirm the mount layout before enabling the boolean.
  485. (booleanif (use_samba_home_dirs)
  486. (true
  487. (allow dovecot_t cifs_t (lnk_file (ioctl read write create getattr setattr lock unlink link rename)))
  488. (allow dovecot_t cifs_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  489. (allow dovecot_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  490. (allow dovecot_t cifs_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  491. (allow dovecot_t cifs_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  492. (allow dovecot_deliver_t cifs_t (lnk_file (ioctl read write create getattr setattr lock unlink link rename)))
  493. (allow dovecot_deliver_t cifs_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  494. (allow dovecot_deliver_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  495. (allow dovecot_deliver_t cifs_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  496. (allow dovecot_deliver_t cifs_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  497. )
  498. )
  ; Applies only while the use_nfs_home_dirs boolean is true; there is no false
  ; branch, so nothing is granted by this block when it is off.
  ; When on, both dovecot_t and dovecot_deliver_t may create, modify, rename and
  ; delete files, directories and symlinks labelled nfs_t.
  ; NOTE(review): NFS mounts typically carry one label for every file, so this is
  ; presumably access to everything on the mount, not just mail folders — confirm
  ; the export layout before enabling the boolean.
  499. (booleanif (use_nfs_home_dirs)
  500. (true
  501. (allow dovecot_t nfs_t (lnk_file (ioctl read write create getattr setattr lock unlink link rename)))
  502. (allow dovecot_t nfs_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  503. (allow dovecot_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  504. (allow dovecot_t nfs_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  505. (allow dovecot_t nfs_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  506. (allow dovecot_deliver_t nfs_t (lnk_file (ioctl read write create getattr setattr lock unlink link rename)))
  507. (allow dovecot_deliver_t nfs_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  508. (allow dovecot_deliver_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  509. (allow dovecot_deliver_t nfs_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  510. (allow dovecot_deliver_t nfs_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  511. )
  512. )
  513. (optional dovecot_optional_2
  ; NOTE(review): the (optional dovecot_optional_2 form opened on the line above
  ; has no matching close paren in the part of the listing reviewed here; the same
  ; holds for dovecot_optional_5, _7, _10, _11 and _14 further down. If that
  ; nesting is real, every optional nested inside them is disabled whenever one of
  ; the enclosing requirements (init_t here) cannot be resolved — confirm against
  ; the module this listing was generated from.
  514. (typeattributeset cil_gen_require init_t)
  ; dovecot_t may send SIGCHLD and the null signal (existence check) to init_t.
  515. (allow dovecot_t init_t (process (sigchld)))
  516. (allow dovecot_t init_t (process (signull)))
  517. (optional dovecot_optional_3
  518. (typeattributeset cil_gen_require rpm_t)
  519. (allow dovecot_t rpm_t (fd (use)))
  520. (allow dovecot_t rpm_t (fifo_file (ioctl read getattr lock open)))
  521. )
  ; Nothing is allowed here: attempts by dovecot_t to stat or read the security_t
  ; and sysfs_t filesystems are denied without an audit record.
  ; NOTE(review): these denials are invisible in normal operation; disable
  ; dontaudit rules temporarily if this domain's behaviour needs to be traced.
  522. (optional dovecot_optional_4
  523. (typeattributeset cil_gen_require security_t)
  524. (typeattributeset cil_gen_require sysfs_t)
  525. (dontaudit dovecot_t security_t (filesystem (getattr)))
  526. (dontaudit dovecot_t sysfs_t (filesystem (getattr)))
  527. (dontaudit dovecot_t sysfs_t (dir (getattr search open)))
  528. (dontaudit dovecot_t security_t (dir (getattr search open)))
  529. (dontaudit dovecot_t security_t (file (ioctl read getattr lock open)))
  530. )
  531. (optional dovecot_optional_5
  532. (typeattributeset cil_gen_require selinux_config_t)
  533. (dontaudit dovecot_t selinux_config_t (dir (getattr search open)))
  534. (dontaudit dovecot_t selinux_config_t (file (ioctl read getattr lock open)))
  ; Name-service cache (nscd) client rules for dovecot_t, switched by nscd_use_shm.
  ; Both branches let dovecot_t connect to the nscd_t unix socket and issue
  ; getpwd/getgrp/gethost; they differ in whether shared-memory access is granted.
  535. (optional dovecot_optional_6
  536. (typeattributeset cil_gen_require nscd_t)
  537. (typeattributeset cil_gen_require nscd_var_run_t)
  538. (typeattributeset cil_gen_require var_t)
  539. (typeattributeset cil_gen_require var_run_t)
  540. (booleanif (nscd_use_shm)
  ; true: shared-memory lookups. dovecot_t may use descriptors passed by nscd_t
  ; and gets the shmempwd/shmemgrp/shmemhost permissions.
  541. (true
  542. (allow dovecot_t nscd_var_run_t (sock_file (read getattr open)))
  543. (allow dovecot_t nscd_var_run_t (dir (ioctl read getattr lock search open)))
  544. (dontaudit dovecot_t nscd_var_run_t (file (ioctl read getattr lock open)))
  545. (allow dovecot_t nscd_t (unix_stream_socket (connectto)))
  546. (allow dovecot_t nscd_var_run_t (sock_file (write getattr append open)))
  547. (allow dovecot_t nscd_var_run_t (dir (getattr search open)))
  548. (allow dovecot_t var_run_t (dir (getattr search open)))
  549. (allow dovecot_t var_t (dir (getattr search open)))
  550. (allow dovecot_t var_run_t (lnk_file (read getattr)))
  551. (allow dovecot_t nscd_t (fd (use)))
  552. (allow dovecot_t nscd_t (nscd (getpwd getgrp gethost shmempwd shmemgrp shmemhost)))
  ; This branch includes listen and accept on dovecot_t's own unix stream sockets;
  ; the false branch does not.
  553. (allow dovecot_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
  554. )
  ; false: socket-only lookups. Shared-memory permissions and fd use are
  ; silenced with dontaudit instead of being granted.
  555. (false
  ; These four rules have nscd_t as the source: nscd may inspect dovecot_t
  ; processes (presumably through their /proc entries — confirm).
  556. (allow nscd_t dovecot_t (process (getattr)))
  557. (allow nscd_t dovecot_t (lnk_file (read getattr)))
  558. (allow nscd_t dovecot_t (file (ioctl read getattr lock open)))
  559. (allow nscd_t dovecot_t (dir (ioctl read getattr lock search open)))
  560. (dontaudit dovecot_t nscd_var_run_t (file (ioctl read getattr lock open)))
  561. (allow dovecot_t nscd_t (unix_stream_socket (connectto)))
  562. (allow dovecot_t nscd_var_run_t (sock_file (write getattr append open)))
  563. (allow dovecot_t nscd_var_run_t (dir (getattr search open)))
  564. (allow dovecot_t var_run_t (dir (getattr search open)))
  565. (allow dovecot_t var_t (dir (getattr search open)))
  566. (allow dovecot_t var_run_t (lnk_file (read getattr)))
  567. (dontaudit dovecot_t nscd_t (nscd (shmempwd shmemgrp shmemhost getserv shmemserv)))
  568. (dontaudit dovecot_t nscd_t (fd (use)))
  569. (allow dovecot_t nscd_t (nscd (getpwd getgrp gethost)))
  570. (allow dovecot_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
  571. )
  572. )
  573. )
  574. (optional dovecot_optional_7
  575. (typeattributeset cil_gen_require init_t)
  576. (allow dovecot_auth_t init_t (process (sigchld)))
  577. (allow dovecot_auth_t init_t (process (signull)))
  578. (optional dovecot_optional_8
  579. (typeattributeset cil_gen_require rpm_t)
  580. (allow dovecot_auth_t rpm_t (fd (use)))
  581. (allow dovecot_auth_t rpm_t (fifo_file (ioctl read getattr lock open)))
  582. )
  583. (optional dovecot_optional_9
  584. (typeattributeset cil_gen_require security_t)
  585. (typeattributeset cil_gen_require sysfs_t)
  586. (dontaudit dovecot_auth_t security_t (filesystem (getattr)))
  587. (dontaudit dovecot_auth_t sysfs_t (filesystem (getattr)))
  588. (dontaudit dovecot_auth_t sysfs_t (dir (getattr search open)))
  589. (dontaudit dovecot_auth_t security_t (dir (getattr search open)))
  590. (dontaudit dovecot_auth_t security_t (file (ioctl read getattr lock open)))
  591. )
  592. (optional dovecot_optional_10
  593. (typeattributeset cil_gen_require selinux_config_t)
  594. (dontaudit dovecot_auth_t selinux_config_t (dir (getattr search open)))
  595. (dontaudit dovecot_auth_t selinux_config_t (file (ioctl read getattr lock open)))
  596. (optional dovecot_optional_11
  597. (typeattributeset cil_gen_require init_t)
  598. (allow dovecot_deliver_t init_t (process (sigchld)))
  599. (allow dovecot_deliver_t init_t (process (signull)))
  600. (optional dovecot_optional_12
  601. (typeattributeset cil_gen_require rpm_t)
  602. (allow dovecot_deliver_t rpm_t (fd (use)))
  603. (allow dovecot_deliver_t rpm_t (fifo_file (ioctl read getattr lock open)))
  604. )
  605. (optional dovecot_optional_13
  606. (typeattributeset cil_gen_require security_t)
  607. (typeattributeset cil_gen_require sysfs_t)
  608. (dontaudit dovecot_deliver_t security_t (filesystem (getattr)))
  609. (dontaudit dovecot_deliver_t sysfs_t (filesystem (getattr)))
  610. (dontaudit dovecot_deliver_t sysfs_t (dir (getattr search open)))
  611. (dontaudit dovecot_deliver_t security_t (dir (getattr search open)))
  612. (dontaudit dovecot_deliver_t security_t (file (ioctl read getattr lock open)))
  613. )
  614. (optional dovecot_optional_14
  615. (typeattributeset cil_gen_require selinux_config_t)
  616. (dontaudit dovecot_deliver_t selinux_config_t (dir (getattr search open)))
  617. (dontaudit dovecot_deliver_t selinux_config_t (file (ioctl read getattr lock open)))
  ; Kerberos client support for dovecot_t. Rules placed before the booleanif
  ; apply whenever this optional is enabled; the rest apply only while
  ; allow_kerberos is true. Two further optionals (pcscd, sssd) are nested inside.
  618. (optional dovecot_optional_15
  619. (typeattributeset cil_gen_require security_t)
  620. (typeattributeset cil_gen_require sysfs_t)
  621. (typeattributeset cil_gen_require selinux_config_t)
  622. (typeattributeset cil_gen_require tmp_t)
  623. (typeattributeset cil_gen_require etc_t)
  624. (typeattributeset cil_gen_require unlabeled_t)
  625. (typeattributeset cil_gen_require netlabel_peer_t)
  626. (typeattributeset cil_gen_require netif_t)
  627. (typeattributeset cil_gen_require node_t)
  628. (typeattributeset cil_gen_require krb5_host_rcache_t)
  629. (typeattributeset cil_gen_require can_change_object_identity)
  630. (typeattributeset cil_gen_require default_context_t)
  631. (typeattributeset cil_gen_require file_context_t)
  632. (typeattributeset cil_gen_require krb5_keytab_t)
  633. (typeattributeset cil_gen_require krb5kdc_conf_t)
  634. (typeattributeset cil_gen_require krb5_conf_t)
  635. (typeattributeset cil_gen_require krb5_home_t)
  636. (typeattributeset cil_gen_require user_home_dir_t)
  637. (typeattributeset cil_gen_require home_root_t)
  638. (typeattributeset cil_gen_require kerberos_client_packet_t)
  639. (typeattributeset cil_gen_require kerberos_port_t)
  640. (typeattributeset cil_gen_require ocsp_client_packet_t)
  641. (typeattributeset cil_gen_require ocsp_port_t)
  642. (typeattributeset cil_gen_require can_change_object_identity)
  ; Adds dovecot_t to the can_change_object_identity attribute, outside the boolean.
  ; NOTE(review): what this unlocks is decided by constraints defined elsewhere in
  ; the policy — presumably changing the SELinux user on objects; verify that the
  ; mail daemon needs it.
  643. (typeattributeset can_change_object_identity (dovecot_t ))
  ; Read access to krb5_keytab_t, krb5_conf_t and krb5_home_t files is also outside
  ; the boolean: switching allow_kerberos off does not remove it.
  644. (allow dovecot_t etc_t (dir (getattr search open)))
  645. (allow dovecot_t krb5_keytab_t (file (ioctl read getattr lock open)))
  ; dovecot_t may add and remove entries in tmp_t directories unconditionally.
  646. (allow dovecot_t tmp_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  647. (allow dovecot_t etc_t (dir (getattr search open)))
  648. (allow dovecot_t krb5_conf_t (file (ioctl read getattr lock open)))
  649. (allow dovecot_t user_home_dir_t (dir (getattr search open)))
  650. (allow dovecot_t home_root_t (dir (getattr search open)))
  651. (allow dovecot_t home_root_t (lnk_file (read getattr)))
  652. (allow dovecot_t krb5_home_t (file (ioctl read getattr lock open)))
  ; Silenced, not granted: writes to krb5_conf_t, any access to krb5kdc_conf_t,
  ; setfscreate, and security_t / policy-configuration lookups. The true branch
  ; below grants several of the same permissions when allow_kerberos is on.
  653. (dontaudit dovecot_t krb5_conf_t (file (ioctl write getattr lock append open)))
  654. (dontaudit dovecot_t krb5kdc_conf_t (dir (ioctl read getattr lock search open)))
  655. (dontaudit dovecot_t krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
  656. (dontaudit dovecot_t self (process (setfscreate)))
  657. (dontaudit dovecot_t security_t (dir (ioctl read getattr lock search open)))
  658. (dontaudit dovecot_t security_t (file (ioctl read write getattr lock append open)))
  659. (dontaudit dovecot_t security_t (security (check_context)))
  660. (dontaudit dovecot_t selinux_config_t (dir (getattr search open)))
  661. (dontaudit dovecot_t default_context_t (dir (getattr search open)))
  662. (dontaudit dovecot_t file_context_t (dir (getattr search open)))
  663. (dontaudit dovecot_t file_context_t (file (ioctl read getattr lock open)))
  ; Named transition: a file called exactly "imap_0" that dovecot_t creates in a
  ; tmp_t directory is labelled krb5_host_rcache_t instead of inheriting tmp_t.
  664. (typetransition dovecot_t tmp_t file "imap_0" krb5_host_rcache_t)
  665. (booleanif (allow_kerberos)
  666. (true
  ; Manage krb5_host_rcache_t files, validate contexts through security_t and
  ; set the file-creation context (setfscreate).
  667. (allow dovecot_t krb5_host_rcache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  668. (allow dovecot_t tmp_t (dir (getattr search open)))
  669. (allow dovecot_t file_context_t (file (ioctl read getattr lock open)))
  670. (allow dovecot_t file_context_t (dir (getattr search open)))
  671. (allow dovecot_t selinux_config_t (dir (getattr search open)))
  672. (allow dovecot_t default_context_t (dir (getattr search open)))
  673. (allow dovecot_t etc_t (dir (getattr search open)))
  674. (allow dovecot_t security_t (security (check_context)))
  675. (allow dovecot_t security_t (file (ioctl read write getattr lock append open)))
  676. (allow dovecot_t security_t (dir (ioctl read getattr lock search open)))
  677. (allow dovecot_t sysfs_t (dir (getattr search open)))
  678. (allow dovecot_t sysfs_t (dir (getattr search open)))
  679. (allow dovecot_t self (process (setfscreate)))
  680. (allow dovecot_t krb5_host_rcache_t (file (getattr)))
  ; Outbound network: TCP connect to ocsp_port_t; UDP and TCP to kerberos_port_t.
  681. (allow dovecot_t ocsp_port_t (tcp_socket (recv_msg send_msg)))
  682. (allow dovecot_t ocsp_port_t (tcp_socket (name_connect)))
  683. (allow dovecot_t ocsp_client_packet_t (packet (recv)))
  684. (allow dovecot_t ocsp_client_packet_t (packet (send)))
  685. (allow dovecot_t kerberos_port_t (udp_socket (recv_msg)))
  686. (allow dovecot_t kerberos_port_t (udp_socket (send_msg)))
  687. (allow dovecot_t kerberos_port_t (tcp_socket (recv_msg send_msg)))
  688. (allow dovecot_t kerberos_port_t (tcp_socket (name_connect)))
  689. (allow dovecot_t kerberos_client_packet_t (packet (recv)))
  690. (allow dovecot_t kerberos_client_packet_t (packet (send)))
  691. (allow dovecot_t node_t (node (udp_recv recvfrom)))
  692. (allow dovecot_t node_t (node (udp_send sendto)))
  693. (allow dovecot_t node_t (node (tcp_recv tcp_send recvfrom sendto)))
  694. (allow dovecot_t netif_t (netif (udp_recv ingress)))
  695. (allow dovecot_t netif_t (netif (udp_send egress)))
  696. (allow dovecot_t netif_t (netif (tcp_recv tcp_send ingress egress)))
  697. (allow dovecot_t netlabel_peer_t (tcp_socket (recvfrom)))
  698. (allow dovecot_t netlabel_peer_t (udp_socket (recvfrom)))
  699. (allow dovecot_t netlabel_peer_t (rawip_socket (recvfrom)))
  700. (allow dovecot_t netlabel_peer_t (peer (recv)))
  ; NOTE(review): traffic from peers without a network label (unlabeled_t) is
  ; accepted here; confirm on hosts that depend on labelled networking.
  701. (allow dovecot_t unlabeled_t (association (sendto recvfrom)))
  702. (allow dovecot_t unlabeled_t (peer (recv)))
  703. (allow dovecot_t unlabeled_t (rawip_socket (recvfrom)))
  704. (allow dovecot_t unlabeled_t (udp_socket (recvfrom)))
  705. (allow dovecot_t unlabeled_t (tcp_socket (recvfrom)))
  ; The self socket permissions in this branch omit listen and accept.
  706. (allow dovecot_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
  707. (allow dovecot_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
  708. )
  709. )
  ; Nested optional: connecting to the pcscd_t unix socket is allowed only while
  ; allow_kerberos is true.
  710. (optional dovecot_optional_16
  711. (typeattributeset cil_gen_require var_t)
  712. (typeattributeset cil_gen_require var_run_t)
  713. (typeattributeset cil_gen_require pcscd_t)
  714. (typeattributeset cil_gen_require pcscd_var_run_t)
  715. (booleanif (allow_kerberos)
  716. (true
  717. (allow dovecot_t pcscd_t (unix_stream_socket (connectto)))
  718. (allow dovecot_t pcscd_var_run_t (sock_file (write getattr append open)))
  719. (allow dovecot_t pcscd_var_run_t (dir (getattr search open)))
  720. (allow dovecot_t var_run_t (dir (getattr search open)))
  721. (allow dovecot_t var_t (dir (getattr search open)))
  722. (allow dovecot_t var_run_t (lnk_file (read getattr)))
  723. )
  724. )
  725. )
  ; Nested optional: read-only access to sssd_public_t files and directories,
  ; not tied to the boolean.
  726. (optional dovecot_optional_17
  727. (typeattributeset cil_gen_require var_t)
  728. (typeattributeset cil_gen_require var_lib_t)
  729. (typeattributeset cil_gen_require sssd_public_t)
  730. (typeattributeset cil_gen_require sssd_var_lib_t)
  731. (allow dovecot_t sssd_var_lib_t (dir (getattr search open)))
  732. (allow dovecot_t var_t (dir (getattr search open)))
  733. (allow dovecot_t var_lib_t (dir (getattr search open)))
  734. (allow dovecot_t sssd_public_t (dir (ioctl read getattr lock search open)))
  735. (allow dovecot_t sssd_public_t (dir (getattr search open)))
  736. (allow dovecot_t sssd_public_t (file (ioctl read getattr lock open)))
  737. )
  738. )
  ; Mail storage for dovecot_t: full management (create, write, rename, unlink)
  ; of files, directories and symlinks labelled mail_spool_t and mail_home_rw_t.
  ; Many rules are repeated verbatim; the duplicates add no permissions.
  739. (optional dovecot_optional_18
  740. (typeattributeset cil_gen_require var_t)
  741. (typeattributeset cil_gen_require var_spool_t)
  742. (typeattributeset cil_gen_require user_home_dir_t)
  743. (typeattributeset cil_gen_require home_root_t)
  744. (typeattributeset cil_gen_require mail_spool_t)
  745. (typeattributeset cil_gen_require mail_home_rw_t)
  746. (allow dovecot_t var_t (dir (getattr search open)))
  747. (allow dovecot_t var_spool_t (dir (getattr search open)))
  748. (allow dovecot_t mail_spool_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  749. (allow dovecot_t mail_spool_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  750. (allow dovecot_t mail_spool_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  751. (allow dovecot_t mail_spool_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  752. (allow dovecot_t mail_spool_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  753. (allow dovecot_t mail_spool_t (lnk_file (ioctl read write create getattr setattr lock unlink link rename)))
  754. (allow dovecot_t user_home_dir_t (dir (getattr search open)))
  755. (allow dovecot_t home_root_t (dir (getattr search open)))
  756. (allow dovecot_t home_root_t (lnk_file (read getattr)))
  757. (allow dovecot_t mail_home_rw_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  758. (allow dovecot_t mail_home_rw_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
  759. (allow dovecot_t mail_home_rw_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  760. (allow dovecot_t mail_home_rw_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
  761. (allow dovecot_t mail_home_rw_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  762. (allow dovecot_t mail_home_rw_t (lnk_file (ioctl read write create getattr setattr lock unlink link rename)))
  ; dovecot_t may add and remove entries in the top level of user_home_dir_t
  ; directories. In this block the only object types it can create there are the
  ; mail types above, via the two named transitions at the end.
  763. (allow dovecot_t user_home_dir_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  764. (allow dovecot_t home_root_t (dir (getattr search open)))
  765. (allow dovecot_t home_root_t (lnk_file (read getattr)))
  766. (allow dovecot_t user_home_dir_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  767. (allow dovecot_t home_root_t (dir (getattr search open)))
  768. (allow dovecot_t home_root_t (lnk_file (read getattr)))
  ; Named transitions: a directory called ".maildir" or "Maildir" created by
  ; dovecot_t in a user_home_dir_t directory is labelled mail_home_rw_t. Other
  ; directory names are not covered by these two rules.
  769. (typetransition dovecot_t user_home_dir_t dir ".maildir" mail_home_rw_t)
  770. (typetransition dovecot_t user_home_dir_t dir "Maildir" mail_home_rw_t)
  771. )
  ; PostgreSQL client access for dovecot_t over a local unix stream socket only:
  ; the socket file may live under postgresql_var_run_t or postgresql_tmp_t.
  ; No TCP port rule for PostgreSQL appears in this block.
  772. (optional dovecot_optional_19
  773. (typeattributeset cil_gen_require var_t)
  774. (typeattributeset cil_gen_require var_run_t)
  775. (typeattributeset cil_gen_require tmp_t)
  776. (typeattributeset cil_gen_require postgresql_t)
  777. (typeattributeset cil_gen_require postgresql_var_run_t)
  778. (typeattributeset cil_gen_require postgresql_tmp_t)
  779. (allow dovecot_t postgresql_var_run_t (dir (getattr search open)))
  780. (allow dovecot_t postgresql_tmp_t (dir (getattr search open)))
  781. (allow dovecot_t postgresql_var_run_t (sock_file (write getattr append open)))
  782. (allow dovecot_t postgresql_tmp_t (sock_file (write getattr append open)))
  783. (allow dovecot_t postgresql_t (unix_stream_socket (connectto)))
  784. (allow dovecot_t var_run_t (lnk_file (read getattr)))
  785. (allow dovecot_t var_t (dir (getattr search open)))
  786. (allow dovecot_t var_run_t (dir (getattr search open)))
  787. (allow dovecot_t tmp_t (dir (getattr search open)))
  788. )
  ; Postfix integration: dovecot_t may create, rename and unlink socket files in
  ; postfix_private_t directories.
  ; NOTE(review): presumably this is the socket Postfix uses to reach Dovecot
  ; (e.g. for authentication) — confirm which socket is meant, since write access
  ; to another daemon's private directory deserves a justification.
  789. (optional dovecot_optional_20
  790. (typeattributeset cil_gen_require var_t)
  791. (typeattributeset cil_gen_require var_spool_t)
  792. (typeattributeset cil_gen_require postfix_private_t)
  793. (typeattributeset cil_gen_require postfix_spool_t)
  794. (allow dovecot_t postfix_private_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  795. (allow dovecot_t postfix_private_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
  796. (allow dovecot_t var_t (dir (getattr search open)))
  797. (allow dovecot_t var_spool_t (dir (getattr search open)))
  798. (allow dovecot_t postfix_spool_t (dir (getattr search open)))
  799. )
  ; Domain transition to the mail submission program: when dovecot_t executes a
  ; file labelled sendmail_exec_t, the new process runs as sendmail_t.
  800. (optional dovecot_optional_21
  801. (typeattributeset cil_gen_require bin_t)
  802. (typeattributeset cil_gen_require sendmail_t)
  803. (typeattributeset cil_gen_require sendmail_exec_t)
  ; The same bin_t directory search rule appears four times; one would suffice.
  804. (allow dovecot_t bin_t (dir (getattr search open)))
  805. (allow dovecot_t bin_t (dir (getattr search open)))
  806. (allow dovecot_t bin_t (dir (getattr search open)))
  807. (allow dovecot_t bin_t (dir (getattr search open)))
  ; No execute_no_trans is granted here, so within this block sendmail_exec_t can
  ; only be run by transitioning into sendmail_t.
  808. (allow dovecot_t sendmail_exec_t (file (read getattr execute open)))
  809. (allow dovecot_t sendmail_t (process (transition)))
  ; noatsecure, siginh and rlimitinh are silenced, not granted.
  810. (dontaudit dovecot_t sendmail_t (process (noatsecure siginh rlimitinh)))
  811. (typetransition dovecot_t sendmail_exec_t process sendmail_t)
  812. (allow dovecot_t sendmail_exec_t (lnk_file (read getattr)))
  ; sendmail_t may use descriptors and pipes inherited from dovecot_t and signal
  ; its exit back with SIGCHLD.
  813. (allow sendmail_t dovecot_t (fd (use)))
  814. (allow sendmail_t dovecot_t (fifo_file (ioctl read write getattr lock append open)))
  815. (allow sendmail_t dovecot_t (process (sigchld)))
  816. )
  817. (optional dovecot_optional_22
  818. (typeattributeset cil_gen_require newrole_t)
  819. (allow dovecot_t newrole_t (process (sigchld)))
  820. )
  821. (optional dovecot_optional_23
  822. (typeattributeset cil_gen_require squid_cache_t)
  823. (dontaudit dovecot_t squid_cache_t (dir (getattr search open)))
  824. )
  ; Read-only access for dovecot_t to udev_tbl_t files, directories and symlinks,
  ; plus directory listing on device_t and search on udev_var_run_t.
  ; NOTE(review): a mail daemon reading udev data is not obviously required;
  ; confirm the caller that needs it before keeping this optional.
  825. (optional dovecot_optional_24
  826. (typeattributeset cil_gen_require device_t)
  827. (typeattributeset cil_gen_require var_t)
  828. (typeattributeset cil_gen_require etc_t)
  829. (typeattributeset cil_gen_require var_lib_t)
  830. (typeattributeset cil_gen_require udev_tbl_t)
  831. (typeattributeset cil_gen_require udev_var_run_t)
  832. (allow dovecot_t udev_tbl_t (dir (ioctl read getattr lock search open)))
  833. (allow dovecot_t udev_tbl_t (dir (getattr search open)))
  834. (allow dovecot_t udev_tbl_t (file (ioctl read getattr lock open)))
  835. (allow dovecot_t udev_tbl_t (dir (getattr search open)))
  836. (allow dovecot_t udev_tbl_t (lnk_file (read getattr)))
  837. (allow dovecot_t device_t (dir (getattr search open)))
  838. (allow dovecot_t device_t (dir (ioctl read getattr lock search open)))
  839. (allow dovecot_t device_t (dir (getattr search open)))
  840. (allow dovecot_t device_t (lnk_file (read getattr)))
  841. (allow dovecot_t etc_t (dir (getattr search open)))
  842. (allow dovecot_t var_t (dir (getattr search open)))
  843. (allow dovecot_t var_lib_t (dir (getattr search open)))
  844. (allow dovecot_t udev_var_run_t (dir (getattr search open)))
  845. (allow dovecot_t udev_var_run_t (dir (getattr search open)))
  846. )
  ; The auth process may read krb5_keytab_t files. This optional contains no
  ; booleanif, so the access does not depend on allow_kerberos.
  ; NOTE(review): keytab files hold service keys; confirm dovecot_auth_t needs
  ; read access on deployments that do not use Kerberos authentication.
  847. (optional dovecot_optional_25
  848. (typeattributeset cil_gen_require etc_t)
  849. (typeattributeset cil_gen_require krb5_keytab_t)
  850. (allow dovecot_auth_t etc_t (dir (getattr search open)))
  851. (allow dovecot_auth_t krb5_keytab_t (file (ioctl read getattr lock open)))
  852. )
  ; Smart-card daemon access for the auth process: read pcscd_var_run_t files and
  ; connect to the pcscd_t unix stream socket. Unlike the dovecot_t equivalent,
  ; this block is not wrapped in a boolean.
  853. (optional dovecot_optional_26
  854. (typeattributeset cil_gen_require var_t)
  855. (typeattributeset cil_gen_require var_run_t)
  856. (typeattributeset cil_gen_require pcscd_t)
  857. (typeattributeset cil_gen_require pcscd_var_run_t)
  858. (allow dovecot_auth_t var_run_t (lnk_file (read getattr)))
  859. (allow dovecot_auth_t var_t (dir (getattr search open)))
  860. (allow dovecot_auth_t var_run_t (dir (getattr search open)))
  861. (allow dovecot_auth_t pcscd_var_run_t (dir (getattr search open)))
  862. (allow dovecot_auth_t pcscd_var_run_t (file (ioctl read getattr lock open)))
  863. (allow dovecot_auth_t var_run_t (lnk_file (read getattr)))
  864. (allow dovecot_auth_t var_t (dir (getattr search open)))
  865. (allow dovecot_auth_t var_run_t (dir (getattr search open)))
  866. (allow dovecot_auth_t pcscd_var_run_t (dir (getattr search open)))
  867. (allow dovecot_auth_t pcscd_var_run_t (sock_file (write getattr append open)))
  868. (allow dovecot_auth_t pcscd_t (unix_stream_socket (connectto)))
  869. )
  ; Winbind client access for the auth process: search the Samba runtime
  ; directories and connect to the winbind_t unix stream socket found under
  ; winbind_var_run_t. No file read or write on Samba types is granted here.
  870. (optional dovecot_optional_27
  871. (typeattributeset cil_gen_require var_t)
  872. (typeattributeset cil_gen_require var_run_t)
  873. (typeattributeset cil_gen_require samba_var_t)
  874. (typeattributeset cil_gen_require winbind_t)
  875. (typeattributeset cil_gen_require winbind_var_run_t)
  876. (typeattributeset cil_gen_require smbd_var_run_t)
  877. (allow dovecot_auth_t var_run_t (lnk_file (read getattr)))
  878. (allow dovecot_auth_t var_t (dir (getattr search open)))
  879. (allow dovecot_auth_t var_run_t (dir (getattr search open)))
  880. (allow dovecot_auth_t samba_var_t (dir (getattr search open)))
  881. (allow dovecot_auth_t winbind_var_run_t (dir (getattr search open)))
  882. (allow dovecot_auth_t smbd_var_run_t (dir (getattr search open)))
  883. (allow dovecot_auth_t winbind_var_run_t (sock_file (write getattr append open)))
  884. (allow dovecot_auth_t winbind_t (unix_stream_socket (connectto)))
  885. )
  ; Read-only access for the auth process to user_tmp_t files, directories and
  ; symlinks; nothing here permits writing or creating them.
  ; NOTE(review): this covers every file carrying the user_tmp_t label, not one
  ; specific file; confirm which lookup needs it and whether a narrower type
  ; would do.
  886. (optional dovecot_optional_28
  887. (typeattributeset cil_gen_require tmp_t)
  888. (typeattributeset cil_gen_require user_tmp_t)
  889. (allow dovecot_auth_t user_tmp_t (dir (ioctl read getattr lock search open)))
  890. (allow dovecot_auth_t tmp_t (dir (getattr search open)))
  891. (allow dovecot_auth_t user_tmp_t (dir (getattr search open)))
  892. (allow dovecot_auth_t user_tmp_t (file (ioctl read getattr lock open)))
  893. (allow dovecot_auth_t user_tmp_t (dir (ioctl read getattr lock search open)))
  894. (allow dovecot_auth_t tmp_t (dir (getattr search open)))
  895. (allow dovecot_auth_t user_tmp_t (dir (getattr search open)))
  896. (allow dovecot_auth_t user_tmp_t (lnk_file (read getattr)))
  897. (allow dovecot_auth_t user_tmp_t (dir (ioctl read getattr lock search open)))
  898. (allow dovecot_auth_t tmp_t (dir (getattr search open)))
  899. )
  ; MySQL client access for the auth process, over both the local unix socket
  ; and TCP to mysqld_port_t, plus read access to mysqld_etc_t configuration.
  900. (optional dovecot_optional_29
  901. (typeattributeset cil_gen_require var_t)
  902. (typeattributeset cil_gen_require var_run_t)
  903. (typeattributeset cil_gen_require etc_t)
  904. (typeattributeset cil_gen_require netlabel_peer_t)
  905. (typeattributeset cil_gen_require mysqld_t)
  906. (typeattributeset cil_gen_require mysqld_var_run_t)
  907. (typeattributeset cil_gen_require mysqld_db_t)
  908. (typeattributeset cil_gen_require mysqld_etc_t)
  909. (typeattributeset cil_gen_require mysqld_port_t)
  910. (typeattributeset cil_gen_require mysqld_client_packet_t)
  ; Unix socket path: search the runtime and database directories, write to the
  ; socket file, connect to mysqld_t.
  911. (allow dovecot_auth_t var_run_t (lnk_file (read getattr)))
  912. (allow dovecot_auth_t var_t (dir (getattr search open)))
  913. (allow dovecot_auth_t var_run_t (dir (getattr search open)))
  914. (allow dovecot_auth_t mysqld_var_run_t (dir (getattr search open)))
  915. (allow dovecot_auth_t mysqld_db_t (dir (getattr search open)))
  916. (allow dovecot_auth_t mysqld_var_run_t (sock_file (write getattr append open)))
  917. (allow dovecot_auth_t mysqld_t (unix_stream_socket (connectto)))
  918. (allow dovecot_auth_t etc_t (dir (getattr search open)))
  919. (allow dovecot_auth_t mysqld_etc_t (dir (ioctl read getattr lock search open)))
  920. (allow dovecot_auth_t mysqld_etc_t (file (ioctl read getattr lock open)))
  921. (allow dovecot_auth_t mysqld_etc_t (lnk_file (read getattr)))
  ; Labelled-networking rules in both directions. Several of them have mysqld_t
  ; as the source, so enabling this optional also adds permissions to the
  ; database server's domain, not only to dovecot_auth_t.
  922. (allow dovecot_auth_t self (association (sendto)))
  923. (allow mysqld_t self (association (sendto)))
  924. (allow dovecot_auth_t mysqld_t (tcp_socket (recvfrom)))
  925. (allow dovecot_auth_t mysqld_t (association (recvfrom)))
  926. (allow mysqld_t dovecot_auth_t (tcp_socket (recvfrom)))
  927. (allow mysqld_t dovecot_auth_t (association (recvfrom)))
  928. (allow dovecot_auth_t mysqld_t (peer (recv)))
  929. (allow mysqld_t dovecot_auth_t (peer (recv)))
  930. (allow dovecot_auth_t netlabel_peer_t (peer (recv)))
  931. (allow dovecot_auth_t netlabel_peer_t (tcp_socket (recvfrom)))
  932. (allow mysqld_t netlabel_peer_t (peer (recv)))
  933. (allow mysqld_t netlabel_peer_t (tcp_socket (recvfrom)))
  ; TCP client: connect to mysqld_port_t and exchange mysqld_client_packet_t packets.
  934. (allow dovecot_auth_t mysqld_port_t (tcp_socket (recv_msg send_msg)))
  935. (allow dovecot_auth_t mysqld_port_t (tcp_socket (name_connect)))
  936. (allow dovecot_auth_t mysqld_client_packet_t (packet (send)))
  937. (allow dovecot_auth_t mysqld_client_packet_t (packet (recv)))
  938. )
  ; dovecot_optional_30: network permissions for dovecot_auth_t that exist only
  ; while the boolean allow_ypbind is true (the var_yp_t and portmap rules
  ; suggest NIS/ypbind lookups). The booleanif has a (true ...) branch only, so
  ; with the boolean off none of the rules below apply.
  ; NOTE(review): turning allow_ypbind on gives the auth daemon generic
  ; bind/connect/listen rights well beyond its other rules in this listing;
  ; leave it off unless NIS is actually in use.
  939. (optional dovecot_optional_30
  940. (typeattributeset cil_gen_require etc_t)
  941. (typeattributeset cil_gen_require unlabeled_t)
  942. (typeattributeset cil_gen_require netlabel_peer_t)
  943. (typeattributeset cil_gen_require netif_t)
  944. (typeattributeset cil_gen_require node_t)
  945. (typeattributeset cil_gen_require port_type)
  946. (typeattributeset cil_gen_require net_conf_t)
  947. (typeattributeset cil_gen_require var_yp_t)
  948. (typeattributeset cil_gen_require port_t)
  949. (typeattributeset cil_gen_require defined_port_type)
  950. (typeattributeset cil_gen_require reserved_port_type)
  951. (typeattributeset cil_gen_require portmap_port_t)
  952. (typeattributeset cil_gen_require reserved_port_t)
  953. (typeattributeset cil_gen_require portmap_client_packet_t)
  954. (typeattributeset cil_gen_require client_packet_t)
  955. (typeattributeset cil_gen_require server_packet_t)
  956. (typeattributeset cil_gen_require rpc_port_type)
  957. (booleanif (allow_ypbind)
  958. (true
  ; Bind to ports in rpc_port_type. The net_bind_service capability rule is
  ; emitted three times in this branch (here twice and again at the end);
  ; the repeats are redundant and grant nothing extra.
  959. (allow dovecot_auth_t self (capability (net_bind_service)))
  960. (allow dovecot_auth_t rpc_port_type (udp_socket (name_bind)))
  961. (allow dovecot_auth_t self (capability (net_bind_service)))
  962. (allow dovecot_auth_t rpc_port_type (tcp_socket (name_bind)))
  ; Read files labeled net_conf_t.
  963. (allow dovecot_auth_t net_conf_t (file (ioctl read getattr lock open)))
  964. (allow dovecot_auth_t etc_t (dir (getattr search open)))
  ; Send and receive the generic client/server packet labels plus the portmap
  ; client label.
  965. (allow dovecot_auth_t server_packet_t (packet (recv)))
  966. (allow dovecot_auth_t server_packet_t (packet (send)))
  967. (allow dovecot_auth_t client_packet_t (packet (recv)))
  968. (allow dovecot_auth_t client_packet_t (packet (send)))
  969. (allow dovecot_auth_t portmap_client_packet_t (packet (recv)))
  970. (allow dovecot_auth_t portmap_client_packet_t (packet (send)))
  ; Outbound TCP connect is allowed to port_t, reserved_port_t and
  ; portmap_port_t. The dontaudit on port_type (presumably the attribute
  ; covering every port type) only silences the audit record for the
  ; remaining, still-denied connects.
  971. (dontaudit dovecot_auth_t port_type (tcp_socket (name_connect)))
  972. (allow dovecot_auth_t port_t (tcp_socket (name_connect)))
  973. (allow dovecot_auth_t reserved_port_t (tcp_socket (name_connect)))
  974. (allow dovecot_auth_t portmap_port_t (tcp_socket (name_connect)))
  ; Same pattern for bind: allowed on port_t (and rpc_port_type above); binds
  ; to other port types are denied without an AVC message. When investigating
  ; this domain, rebuild the policy with dontaudit rules disabled
  ; (semodule -DB) so these denials show up in the audit log.
  975. (dontaudit dovecot_auth_t port_type (udp_socket (name_bind)))
  976. (dontaudit dovecot_auth_t port_type (tcp_socket (name_bind)))
  977. (dontaudit dovecot_auth_t reserved_port_type (udp_socket (name_bind)))
  978. (dontaudit dovecot_auth_t reserved_port_type (tcp_socket (name_bind)))
  979. (dontaudit dovecot_auth_t defined_port_type (udp_socket (name_bind)))
  980. (allow dovecot_auth_t port_t (udp_socket (name_bind)))
  981. (dontaudit dovecot_auth_t defined_port_type (tcp_socket (name_bind)))
  982. (allow dovecot_auth_t port_t (tcp_socket (name_bind)))
  ; Node, port and interface level send/receive permissions for UDP and TCP.
  983. (allow dovecot_auth_t node_t (udp_socket (node_bind)))
  984. (allow dovecot_auth_t node_t (tcp_socket (node_bind)))
  985. (allow dovecot_auth_t port_type (udp_socket (recv_msg)))
  986. (allow dovecot_auth_t port_type (udp_socket (send_msg)))
  987. (allow dovecot_auth_t port_type (tcp_socket (recv_msg send_msg)))
  988. (allow dovecot_auth_t node_t (node (udp_recv recvfrom)))
  989. (allow dovecot_auth_t node_t (node (udp_send sendto)))
  990. (allow dovecot_auth_t node_t (node (tcp_recv tcp_send recvfrom sendto)))
  991. (allow dovecot_auth_t netif_t (netif (udp_recv ingress)))
  992. (allow dovecot_auth_t netif_t (netif (udp_send egress)))
  993. (allow dovecot_auth_t netif_t (netif (tcp_recv tcp_send ingress egress)))
  ; Receive from peers labeled netlabel_peer_t and from unlabeled_t traffic.
  994. (allow dovecot_auth_t netlabel_peer_t (tcp_socket (recvfrom)))
  995. (allow dovecot_auth_t netlabel_peer_t (udp_socket (recvfrom)))
  996. (allow dovecot_auth_t netlabel_peer_t (rawip_socket (recvfrom)))
  997. (allow dovecot_auth_t netlabel_peer_t (peer (recv)))
  998. (allow dovecot_auth_t unlabeled_t (association (sendto recvfrom)))
  999. (allow dovecot_auth_t unlabeled_t (peer (recv)))
  1000. (allow dovecot_auth_t unlabeled_t (rawip_socket (recvfrom)))
  1001. (allow dovecot_auth_t unlabeled_t (udp_socket (recvfrom)))
  1002. (allow dovecot_auth_t unlabeled_t (tcp_socket (recvfrom)))
  ; Read-only access to content labeled var_yp_t.
  1003. (allow dovecot_auth_t var_yp_t (lnk_file (read getattr)))
  1004. (allow dovecot_auth_t var_yp_t (file (ioctl read getattr lock open)))
  1005. (allow dovecot_auth_t var_yp_t (dir (ioctl read getattr lock search open)))
  ; Own sockets: the tcp_socket set includes listen and accept, so the domain
  ; may act as a TCP server while the boolean is on, not only as a client.
  1006. (allow dovecot_auth_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
  1007. (allow dovecot_auth_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
  1008. (allow dovecot_auth_t self (capability (net_bind_service)))
  1009. )
  1010. )
  1011. )
  ; dovecot_optional_31: lets dovecot_auth_t manage socket files inside
  ; directories labeled postfix_private_t (presumably the auth socket that
  ; Postfix connects to; confirm against the Dovecot/Postfix configuration).
  1012. (optional dovecot_optional_31
  1013. (typeattributeset cil_gen_require var_t)
  1014. (typeattributeset cil_gen_require var_spool_t)
  1015. (typeattributeset cil_gen_require postfix_private_t)
  1016. (typeattributeset cil_gen_require postfix_spool_t)
  ; Full create/unlink/rename control over sock_file objects of this type, and
  ; add_name/remove_name on the directory. No regular-file permissions are
  ; granted on postfix_private_t here.
  1017. (allow dovecot_auth_t postfix_private_t (dir (ioctl read write getattr lock add_name remove_name search open)))
  1018. (allow dovecot_auth_t postfix_private_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
  ; Traversal only through the parent directories.
  1019. (allow dovecot_auth_t var_t (dir (getattr search open)))
  1020. (allow dovecot_auth_t var_spool_t (dir (getattr search open)))
  1021. (allow dovecot_auth_t postfix_spool_t (dir (getattr search open)))
  1022. )
  ; dovecot_optional_32: puts dovecot_deliver_t into the mailserver_delivery
  ; attribute and gives it read-only access to files labeled mqueue_spool_t.
  ; NOTE(review): joining the attribute means every rule written against
  ; mailserver_delivery elsewhere in the policy also applies to
  ; dovecot_deliver_t; those rules are not visible in this block.
  1023. (optional dovecot_optional_32
  1024. (typeattributeset cil_gen_require var_t)
  1025. (typeattributeset cil_gen_require var_spool_t)
  1026. (typeattributeset cil_gen_require mailserver_delivery)
  1027. (typeattributeset cil_gen_require mqueue_spool_t)
  ; mailserver_delivery is required a second time here; the repeat is redundant.
  1028. (typeattributeset cil_gen_require mailserver_delivery)
  1029. (typeattributeset mailserver_delivery (dovecot_deliver_t ))
  ; Traversal through var_t/var_spool_t, then read (no write) on the queue files.
  1030. (allow dovecot_deliver_t var_t (dir (getattr search open)))
  1031. (allow dovecot_deliver_t var_spool_t (dir (getattr search open)))
  1032. (allow dovecot_deliver_t mqueue_spool_t (dir (getattr search open)))
  1033. (allow dovecot_deliver_t mqueue_spool_t (file (ioctl read getattr lock open)))
  1034. )
  ; dovecot_optional_33: lets dovecot_deliver_t use file descriptors that
  ; belong to postfix_master_t (presumably descriptors inherited when Postfix
  ; starts the delivery agent; confirm against the Postfix setup).
  1035. (optional dovecot_optional_33
  1036. (typeattributeset cil_gen_require postfix_master_t)
  1037. (allow dovecot_deliver_t postfix_master_t (fd (use)))
  1038. )
  ; dovecot_optional_34: lets dovecot_deliver_t run the sendmail binary, with
  ; the new process moving into the sendmail_t domain instead of staying in
  ; dovecot_deliver_t.
  1039. (optional dovecot_optional_34
  1040. (typeattributeset cil_gen_require bin_t)
  1041. (typeattributeset cil_gen_require sendmail_t)
  1042. (typeattributeset cil_gen_require sendmail_exec_t)
  ; The same bin_t traversal rule is emitted four times; the repeats are
  ; redundant and grant nothing extra.
  1043. (allow dovecot_deliver_t bin_t (dir (getattr search open)))
  1044. (allow dovecot_deliver_t bin_t (dir (getattr search open)))
  1045. (allow dovecot_deliver_t bin_t (dir (getattr search open)))
  1046. (allow dovecot_deliver_t bin_t (dir (getattr search open)))
  ; Execute sendmail_exec_t and transition to sendmail_t; the typetransition
  ; makes sendmail_t the default domain for that exec.
  1047. (allow dovecot_deliver_t sendmail_exec_t (file (read getattr execute open)))
  1048. (allow dovecot_deliver_t sendmail_t (process (transition)))
  ; noatsecure, siginh and rlimitinh are only dontaudit-ed, not allowed: the
  ; checks still fail, without an audit record, so the transition should run
  ; with the usual secure-exec cleanup and without inherited signal state or
  ; resource limits.
  1049. (dontaudit dovecot_deliver_t sendmail_t (process (noatsecure siginh rlimitinh)))
  1050. (typetransition dovecot_deliver_t sendmail_exec_t process sendmail_t)
  1051. (allow dovecot_deliver_t sendmail_exec_t (lnk_file (read getattr)))
  ; Rules with sendmail_t as the source: the child may use the parent's file
  ; descriptors and pipes and signal it with SIGCHLD on exit.
  1052. (allow sendmail_t dovecot_deliver_t (fd (use)))
  1053. (allow sendmail_t dovecot_deliver_t (fifo_file (ioctl read write getattr lock append open)))
  1054. (allow sendmail_t dovecot_deliver_t (process (sigchld)))
  1055. )
  1056. )
  1057. )
  1058. )
  1059. )
  1060. )
  1061. )