Last active
January 4, 2019 15:49
dovecot selinux
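# Local SELinux policy module that grants the Dovecot domains (dovecot_t and
# dovecot_auth_t) a handful of extra permissions. Every type used here is
# declared by another module; this file only adds allow rules.
# NOTE(review): the rule set looks like audit2allow output -- confirm each
# rule against the AVC denial that motivated it before loading the module.
policy_module(ssfn-dovecot, 1.2)

# Types, classes and permissions defined elsewhere that the rules below use.
# Loading the module fails if any of them is missing from the running policy.
require {
	type dovecot_auth_t;
	type dovecot_t;
	type dovecot_var_run_t;
	type proc_security_t;
	type init_t;
	class fifo_file { open write };
	class file { getattr };
	class tcp_socket { getattr accept read write };
	class unix_stream_socket { read write };
	class capability2 block_suspend;
	class process { noatsecure rlimitinh siginh };
}

# --- dovecot_auth_t (authentication process) ---

# Open and write FIFOs labelled dovecot_var_run_t.
allow dovecot_auth_t dovecot_var_run_t:fifo_file { open write };

# Use TCP sockets that are labelled dovecot_t, i.e. created by the main
# Dovecot domain, including accepting connections on them.
# NOTE(review): this lets the auth domain talk to network peers directly on
# those sockets -- confirm the deployment really has dovecot-auth serving a
# TCP listener before keeping `accept`.
allow dovecot_auth_t dovecot_t:tcp_socket { getattr accept read write };

# Read and write a unix stream socket labelled init_t.
# NOTE(review): presumably a descriptor inherited from init/systemd; if it is
# only a leaked fd, dontaudit would be tighter -- verify.
allow dovecot_auth_t init_t:unix_stream_socket { read write };

# CAP_BLOCK_SUSPEND: the ability to keep the system from suspending.
# NOTE(review): presumably requested as a side effect of epoll usage rather
# than something a mail daemon needs; if so, prefer dontaudit -- confirm.
allow dovecot_auth_t self:capability2 block_suspend;

# --- dovecot_t (main Dovecot domain) ---

# stat() files labelled proc_security_t; no read or write access is granted.
allow dovecot_t proc_security_t:file getattr;

# Permissions checked when dovecot_t executes into dovecot_auth_t:
#   noatsecure - skip the AT_SECURE (secure-exec) environment sanitising, so
#                variables such as LD_PRELOAD set in the parent survive into
#                the auth process
#   rlimitinh  - inherit the parent's resource limits
#   siginh     - inherit the parent's signal state
# NOTE(review): denying these three is usually harmless and they are normally
# silenced rather than allowed. If dovecot-auth works without them, replace
# this rule with `dontaudit` so the environment is still scrubbed at the
# boundary between the two domains.
allow dovecot_t dovecot_auth_t:process { noatsecure rlimitinh siginh };

# Same CAP_BLOCK_SUSPEND grant as for dovecot_auth_t above; same caveat.
allow dovecot_t self:capability2 block_suspend;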