/usr/share/selinux/ubuntu/include/services/dovecot.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
## <summary>Dovecot POP and IMAP mail server</summary>
########################################
## <summary>
##	Connect to the dovecot auth process over
##	its unix domain stream socket.
## </summary>
## <desc>
##	<p>
##	The socket lives in a directory labeled dovecot_var_run_t
##	and the listening peer is dovecot_auth_t.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`dovecot_stream_connect_auth',`
	gen_require(`
		type dovecot_var_run_t, dovecot_auth_t;
	')

	# Arguments: caller, directory type, socket file type, server domain.
	# NOTE(review): the peer is the authentication process, so callers
	# should be limited to domains that really need to talk to it.
	stream_connect_pattern($1, dovecot_var_run_t, dovecot_var_run_t, dovecot_auth_t)
')
########################################
## <summary>
##	Run the dovecot deliver program with a
##	transition into the dovecot_deliver domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dovecot_domtrans_deliver',`
	gen_require(`
		type dovecot_deliver_exec_t, dovecot_deliver_t;
	')

	# Executing a file labeled dovecot_deliver_exec_t moves the caller
	# into dovecot_deliver_t, so the program runs under the access
	# granted to that domain rather than the access of the caller.
	domtrans_pattern($1, dovecot_deliver_exec_t, dovecot_deliver_t)
')
########################################
## <summary>
##	Create, read, write, and delete
##	dovecot spool files and symbolic links.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dovecot_manage_spool',`
	gen_require(`
		type dovecot_spool_t;
	')

	# Full management of regular files and of symbolic links inside
	# directories labeled dovecot_spool_t. No other object classes
	# are covered by this interface.
	manage_files_pattern($1, dovecot_spool_t, dovecot_spool_t)
	manage_lnk_files_pattern($1, dovecot_spool_t, dovecot_spool_t)
')
########################################
## <summary>
##	Do not audit attempts to delete
##	dovecot lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`dovecot_dontaudit_unlink_lib_files',`
	gen_require(`
		type dovecot_var_lib_t;
	')

	# dontaudit only silences the denial record. The unlink is still
	# refused unless some other rule allows it. When investigating
	# hidden denials, rebuild the policy with dontaudit rules
	# disabled (semodule -DB) so these attempts show up again.
	dontaudit $1 dovecot_var_lib_t:file unlink;
')
########################################
## <summary>
##	All of the rules required to administrate
##	a dovecot environment.
## </summary>
## <desc>
##	<p>
##	Covers process control over dovecot_t, running the
##	dovecot init script, and administration of the dovecot
##	configuration, log, spool, lib, run, certificate and
##	password file types.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the dovecot domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`dovecot_admin',`
	gen_require(`
		type dovecot_t, dovecot_initrc_exec_t;
		type dovecot_etc_t, dovecot_log_t;
		type dovecot_spool_t, dovecot_var_lib_t, dovecot_var_run_t;
		type dovecot_cert_t, dovecot_passwd_t;
	')

	# Process control. ptrace allows the admin domain to inspect and
	# alter the memory of dovecot_t processes, which is considerably
	# stronger than the signal permissions granted next to it.
	allow $1 dovecot_t:process { ptrace signal_perms };
	ps_process_pattern($1, dovecot_t)

	# Init script handling: the admin domain may run the labeled
	# script, and the admin role may change to system_r through it.
	init_labeled_script_domtrans($1, dovecot_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 dovecot_initrc_exec_t system_r;
	allow $2 system_r;

	# Configuration.
	files_list_etc($1)
	admin_pattern($1, dovecot_etc_t)

	# Logs.
	logging_list_logs($1)
	admin_pattern($1, dovecot_log_t)

	# Mail spool.
	files_list_spool($1)
	admin_pattern($1, dovecot_spool_t)

	# Persistent state.
	files_list_var_lib($1)
	admin_pattern($1, dovecot_var_lib_t)

	# Runtime files.
	files_list_pids($1)
	admin_pattern($1, dovecot_var_run_t)

	# NOTE(review): judging by the type names these two cover TLS
	# certificate material and the dovecot password file, so every
	# caller of this interface gains administrative access to
	# credentials. Confirm against the type declarations.
	admin_pattern($1, dovecot_cert_t)
	admin_pattern($1, dovecot_passwd_t)
')