rpms / selinux-policy

Clone
Source Code
GIT

Files

  1.   2705f9a0f3e3764b0256a63ffefdf84e76cfe1cf
  2.   strict
  3.   domains
  4.   program
  5.   saslauthd.te
Blob Blame History Raw 
#DESC saslauthd - Authentication daemon for SASL
#
# Author: Colin Walters <walters@verbum.org>
#

daemon_domain(saslauthd, `, auth_chkpwd, auth_bool')

allow saslauthd_t self:fifo_file { read write };
allow saslauthd_t self:unix_dgram_socket create_socket_perms;
allow saslauthd_t self:unix_stream_socket create_stream_socket_perms;
allow saslauthd_t saslauthd_var_run_t:sock_file create_file_perms;

allow saslauthd_t etc_t:dir { getattr search };
allow saslauthd_t etc_t:file r_file_perms;
allow saslauthd_t net_conf_t:file r_file_perms;

allow saslauthd_t self:file r_file_perms;
allow saslauthd_t proc_t:file { getattr read };

allow saslauthd_t urandom_device_t:chr_file { getattr read }; 

# Needs investigation
dontaudit saslauthd_t home_root_t:dir getattr;
can_network_client_tcp(saslauthd_t)
allow saslauthd_t pop_port_t:tcp_socket name_connect;

bool allow_saslauthd_read_shadow false;

if (allow_saslauthd_read_shadow) {
allow saslauthd_t shadow_t:file r_file_perms;
}
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.