|
|
|---|
allow qmail_serialmail_t crond_t:fifo_file { read write ioctl }; | allow qmail_serialmail_t crond_t:fifo_file { read write ioctl }; |
allow qmail_serialmail_t devtty_t:chr_file { read write }; | allow qmail_serialmail_t devtty_t:chr_file { read write }; |
| |
|
allow qmail_serialmail_t self:capability { dac_override }; |
|
allow qmail_serialmail_t etc_t:file { getattr read }; |
|
allow qmail_serialmail_t shell_exec_t:file { rx_file_perms }; |
|
|
|
ifdef(`pppd.te', ` |
|
domain_auto_trans(pppd_t, qmail_serialmail_exec_t, qmail_serialmail_t) |
|
allow qmail_serialmail_t ppp_device_t:chr_file { read write }; |
|
allow qmail_serialmail_t pppd_var_run_t:file { read write }; |
|
') |
|
|
# for tcpclient | # for tcpclient |
can_exec(qmail_serialmail_t, bin_t) | can_exec(qmail_serialmail_t, bin_t) |
allow qmail_serialmail_t bin_t:dir search; | allow qmail_serialmail_t bin_t:dir search; |
| |
|
# from -r13 gentoo patches |
|
read_locale(qmail_queue_t) |
|
read_locale(qmail_smtpd_t) |
|
|
|
# /var/qmail/bin/qmail-getpw accesses /var/spool/mail |
|
allow qmail_lspawn_t mail_spool_t:dir { getattr }; |
|
|
|
allow qmail_local_t qmail_spool_t:file r_file_perms; |
|
|
|
# kernel bug? Chris, we've discussed about this a few months before |
|
# sys_admin bug still present in hardened-sources-2.4.24-r3 |
|
allow qmail_inject_t qmail_inject_t:capability { sys_admin }; |
|
|
|
|
