Courier IMAP and POP3 email servers

######################################## ##

## Template for creating courier server processes. ##

## ##

## Prefix name of the server process. ##

## # template(`courier_domain_template',` gen_require(` attribute courier_domain; ') ############################## # # Declarations # type courier_$1_t, courier_domain; type courier_$1_exec_t; init_daemon_domain(courier_$1_t, courier_$1_exec_t) ############################## # # Declarations # can_exec(courier_$1_t, courier_$1_exec_t) kernel_read_system_state(courier_$1_t) corenet_all_recvfrom_netlabel(courier_$1_t) corenet_tcp_sendrecv_generic_if(courier_$1_t) corenet_udp_sendrecv_generic_if(courier_$1_t) corenet_tcp_sendrecv_generic_node(courier_$1_t) corenet_udp_sendrecv_generic_node(courier_$1_t) corenet_tcp_sendrecv_all_ports(courier_$1_t) corenet_udp_sendrecv_all_ports(courier_$1_t) logging_send_syslog_msg(courier_$1_t) ') ######################################## ##

## Execute the courier authentication daemon with ## a domain transition. ##

## ##

## Domain allowed to transition. ##

## # interface(`courier_domtrans_authdaemon',` gen_require(` type courier_authdaemon_t, courier_authdaemon_exec_t; ') domtrans_pattern($1, courier_authdaemon_exec_t, courier_authdaemon_t) ') ####################################### ##

## Connect to courier-authdaemon over a unix stream socket. ##

## ##

## Domain allowed access. ##

## # interface(`courier_stream_connect_authdaemon',` gen_require(` type courier_authdaemon_t, courier_spool_t; ') files_search_spool($1) stream_connect_pattern($1, courier_spool_t, courier_spool_t, courier_authdaemon_t) ') ######################################## ##

## Execute the courier POP3 and IMAP server with ## a domain transition. ##

## ##

## Domain allowed to transition. ##

## # interface(`courier_domtrans_pop',` gen_require(` type courier_pop_t, courier_pop_exec_t; ') domtrans_pattern($1, courier_pop_exec_t, courier_pop_t) ') ######################################## ##

## Read courier config files ##

## ##

## Domain allowed access. ##

## # interface(`courier_read_config',` gen_require(` type courier_etc_t; ') files_search_etc($1) read_files_pattern($1, courier_etc_t, courier_etc_t) ') ######################################## ##

## Create, read, write, and delete courier ## spool directories. ##

## ##

## Domain allowed access. ##

## # interface(`courier_manage_spool_dirs',` gen_require(` type courier_spool_t; ') files_search_spool($1) manage_dirs_pattern($1, courier_spool_t, courier_spool_t) ') ######################################## ##

## Create, read, write, and delete courier ## spool files. ##

## ##

## Domain allowed access. ##

## # interface(`courier_manage_spool_files',` gen_require(` type courier_spool_t; ') files_search_spool($1) manage_files_pattern($1, courier_spool_t, courier_spool_t) ') ######################################## ##

## Manage named socket in a courier spool directory. ##

## ##

## Domain allowed access. ##

## # interface(`courier_manage_spool_sockets',` gen_require(` type courier_spool_t; ') files_search_spool($1) manage_sock_files_pattern($1, courier_spool_t, courier_spool_t) ') ######################################## ##

## Read courier spool files. ##

## ##

## Domain allowed access. ##

## # interface(`courier_read_spool',` gen_require(` type courier_spool_t; ') files_search_spool($1) read_files_pattern($1, courier_spool_t, courier_spool_t) ') ######################################## ##

## Read and write to courier spool pipes. ##

## ##

## Domain allowed access. ##

## # interface(`courier_rw_spool_pipes',` gen_require(` type courier_spool_t; ') allow $1 courier_spool_t:fifo_file rw_fifo_file_perms; ')