18 type httpd_sys_content_t;
21 type postfix_bounce_t;
24 type mysqld_var_run_t;
29 type postfix_cleanup_t;
30 type postfix_master_t;
31 type setroubleshootd_t;
32 type postfix_pickup_t;
38 class fifo_file { write read ioctl getattr };
40 class unix_stream_socket { connectto read write };
41 class tcp_socket { read write };
42 class file { execute read create ioctl execute_no_trans write getattr unlink append };
43 class sock_file write;
44 class lnk_file { read getattr };
45 class dir { write search getattr remove_name add_name };
48 #============= avahi_t ==============
# Lets avahi_t search directories labeled mysqld_db_t and stat files labeled
# mysqld_etc_t.
# NOTE(review): nothing on this page shows why Avahi needs MySQL paths;
# presumably name-service lookups backed by MySQL. Confirm the need from the
# AVC records; if the denials are harmless, dontaudit is narrower than allow.
49 allow avahi_t mysqld_db_t:dir search;
50 allow avahi_t mysqld_etc_t:file getattr;
52 #============= groupadd_t ==============
# Lets groupadd_t connect to a Unix stream socket whose listener runs in
# initrc_t, the init-script domain.
# NOTE(review): a listener in initrc_t suggests a service started without a
# domain transition. This rule covers every such service, so labeling that
# service's executable correctly is the narrower fix. Confirm which one it is.
53 allow groupadd_t initrc_t:unix_stream_socket connectto;
55 #============= httpd_t ==============
# NOTE(review): read/write on another domain's socket without connectto
# usually means an inherited descriptor (presumably httpd was started or
# restarted from cron). If so, dontaudit is the narrower answer. Confirm.
56 allow httpd_t crond_t:unix_stream_socket { read write };
# Lets the web server connect to any service listening in the init-script
# domain. NOTE(review): identify that service and give it its own domain.
57 allow httpd_t initrc_t:unix_stream_socket connectto;
# Read access to files labeled mysqld_etc_t.
58 allow httpd_t mysqld_etc_t:file { read getattr };
# Lets httpd send signals to processes running in system_mail_t.
59 allow httpd_t system_mail_t:process signal;
# NOTE(review): tmp_t is the generic temporary-file label, so this exposes
# other programs' temp files to web code. Prefer relabeling the specific
# files the application needs.
60 allow httpd_t tmp_t:file { read getattr };
# Same read/write-without-connectto pattern, here against unconfined_t
# (presumably the shell that started httpd). Candidate for dontaudit.
61 allow httpd_t unconfined_t:unix_stream_socket { read write };
# NOTE(review): create/unlink/append on usr_t, the generic label for /usr
# content, gives a compromised web application a write path into files that
# share that label. Give the one writable directory a dedicated type with
# semanage fcontext + restorecon instead of widening httpd_t.
62 allow httpd_t usr_t:file { create unlink append };
64 #============= ifconfig_t ==============
# Lets ifconfig_t read and write a TCP socket owned by initrc_t.
# NOTE(review): ifconfig has no evident reason to use another domain's TCP
# socket; presumably a descriptor inherited from an init-script process.
# If the denial is harmless, prefer dontaudit. Confirm from the AVC record.
65 allow ifconfig_t initrc_t:tcp_socket { read write };
67 #============= logwatch_t ==============
# Lets logwatch_t read MySQL configuration and connect to Unix stream sockets
# served by mysqld_t and by any process running in initrc_t.
# NOTE(review): the initrc_t rule is not limited to one service; it covers
# every daemon left in the init-script domain. Confirm which listener the
# denial referred to and label that service properly.
68 allow logwatch_t initrc_t:unix_stream_socket connectto;
69 allow logwatch_t mysqld_etc_t:file read;
70 allow logwatch_t mysqld_t:unix_stream_socket connectto;
72 #============= mailman_mail_t ==============
# NOTE(review): most rules here target generic labels (usr_t, lib_t,
# var_run_t). That is consistent with Mailman files sitting in a location the
# policy does not label with Mailman types. Relabeling them (semanage fcontext
# + restorecon) would likely remove the need for these grants. Check the file
# contexts before loading this section.
# Read-only traversal of web content, including symlinks.
73 allow mailman_mail_t httpd_sys_content_t:dir { search getattr };
74 allow mailman_mail_t httpd_sys_content_t:file { read getattr };
75 allow mailman_mail_t httpd_sys_content_t:lnk_file { read getattr };
# Connect to any service listening in the init-script domain.
76 allow mailman_mail_t initrc_t:unix_stream_socket connectto;
# Create, modify and delete entries in lib_t directories and files. lib_t is
# the generic label for library directories, so this is a broad write grant.
77 allow mailman_mail_t lib_t:dir { write remove_name add_name };
78 allow mailman_mail_t lib_t:file { write create unlink };
# Pipes within the domain itself.
79 allow mailman_mail_t self:fifo_file { write read ioctl getattr };
# execute + execute_no_trans: usr_t programs run inside mailman_mail_t with no
# domain transition, so anything labeled usr_t can run with this domain's
# permissions.
80 allow mailman_mail_t usr_t:file { read getattr ioctl execute execute_no_trans };
81 allow mailman_mail_t usr_t:lnk_file { read getattr };
# Create and append to files under the generic var_run_t label.
82 allow mailman_mail_t var_run_t:dir { write add_name };
83 allow mailman_mail_t var_run_t:file { create ioctl append getattr };
85 #============= named_t ==============
# Lets named_t search directories labeled mysqld_db_t and read files labeled
# mysqld_etc_t.
# NOTE(review): no socket rule for named_t is visible here, so these grants
# alone do not give it a MySQL connection; presumably a library probing
# MySQL paths. Confirm the need, otherwise prefer dontaudit.
86 allow named_t mysqld_db_t:dir search;
87 allow named_t mysqld_etc_t:file { read getattr };
89 #============= nscd_t ==============
# Lets nscd_t read and write a Unix stream socket owned by useradd_t.
# NOTE(review): read/write without connectto usually means the descriptor
# was inherited or passed rather than opened by nscd. Confirm from the AVC
# record; dontaudit may be the appropriate rule.
90 allow nscd_t useradd_t:unix_stream_socket { read write };
92 #============= postfix_bounce_t ==============
# Gives postfix_bounce_t a path to MySQL: search the data directory, read the
# configuration, write to the socket file labeled mysqld_var_run_t, and
# connect to the listener in mysqld_t.
# NOTE(review): presumably MySQL-backed lookups; confirm this Postfix
# component really performs them. The policy's mysql_stream_connect()
# interface expresses the socket access more maintainably than raw rules.
# The initrc_t rule also lets it reach any service left in the init-script
# domain. Give that service its own domain instead.
93 allow postfix_bounce_t initrc_t:unix_stream_socket connectto;
94 allow postfix_bounce_t mysqld_db_t:dir search;
95 allow postfix_bounce_t mysqld_etc_t:file { read getattr };
96 allow postfix_bounce_t mysqld_t:unix_stream_socket connectto;
97 allow postfix_bounce_t mysqld_var_run_t:sock_file write;
99 #============= postfix_cleanup_t ==============
# Gives postfix_cleanup_t access to MySQL config, data directory and socket,
# plus read access to generic usr_t files.
# NOTE(review): the initrc_t rule covers every service running in the
# init-script domain, not only the one that triggered the denial.
100 allow postfix_cleanup_t initrc_t:unix_stream_socket connectto;
101 allow postfix_cleanup_t mysqld_db_t:dir search;
102 allow postfix_cleanup_t mysqld_etc_t:file { read getattr };
103 allow postfix_cleanup_t mysqld_t:unix_stream_socket connectto;
104 allow postfix_cleanup_t mysqld_var_run_t:sock_file write;
# NOTE(review): usr_t is the default label for /usr content; presumably a
# config or map file stored there. Relabeling that file is narrower than
# reading everything labeled usr_t.
105 allow postfix_cleanup_t usr_t:file { read getattr };
107 #============= postfix_master_t ==============
# Lets postfix_master_t read MySQL configuration and connect to Unix stream
# sockets served from the init-script domain.
# NOTE(review): no mysqld_t or mysqld_var_run_t rule is visible for this
# domain. Together with the initrc_t connectto, that may mean the database
# server itself was running in initrc_t when the denials were logged.
# Confirm, and fix the server's label rather than allowing this.
108 allow postfix_master_t initrc_t:unix_stream_socket connectto;
109 allow postfix_master_t mysqld_etc_t:file { read getattr };
111 #============= postfix_pickup_t ==============
# Lets postfix_pickup_t search the MySQL data directory, read its config and
# write to the socket file labeled mysqld_var_run_t.
# NOTE(review): the only connectto granted here is to initrc_t, not
# mysqld_t. Presumably the MySQL server was running unlabeled in the
# init-script domain when these denials were captured. Verify the server's
# domain before loading this.
112 allow postfix_pickup_t initrc_t:unix_stream_socket connectto;
113 allow postfix_pickup_t mysqld_db_t:dir search;
114 allow postfix_pickup_t mysqld_etc_t:file { read getattr };
115 allow postfix_pickup_t mysqld_var_run_t:sock_file write;
117 #============= postfix_qmgr_t ==============
# Lets postfix_qmgr_t search the MySQL data directory, stat (not read) MySQL
# config files, and connect to sockets served from the init-script domain.
# NOTE(review): getattr without read suggests the denial log was captured
# partway through an access attempt, so further denials may follow.
# Collect the AVCs in permissive mode and review the full set before trusting
# this section.
118 allow postfix_qmgr_t initrc_t:unix_stream_socket connectto;
119 allow postfix_qmgr_t mysqld_db_t:dir search;
120 allow postfix_qmgr_t mysqld_etc_t:file getattr;
122 #============= postfix_smtp_t ==============
# Gives postfix_smtp_t access to MySQL config, data directory and socket,
# plus read access to generic usr_t files.
# NOTE(review): the initrc_t rule reaches any service running in the
# init-script domain. Identify the listener and give it a proper domain.
123 allow postfix_smtp_t initrc_t:unix_stream_socket connectto;
124 allow postfix_smtp_t mysqld_db_t:dir search;
125 allow postfix_smtp_t mysqld_etc_t:file { read getattr };
126 allow postfix_smtp_t mysqld_t:unix_stream_socket connectto;
127 allow postfix_smtp_t mysqld_var_run_t:sock_file write;
# NOTE(review): reads everything labeled usr_t; relabeling the specific
# file Postfix needs is the narrower fix.
128 allow postfix_smtp_t usr_t:file { read getattr };
130 #============= postfix_smtpd_t ==============
# Gives postfix_smtpd_t access to MySQL config, data directory and socket.
# NOTE(review): postfix_smtpd_t is the SMTP server domain and so handles
# input from remote senders, which makes each extra grant more sensitive
# here. The initrc_t connectto in particular exposes every service left in
# the init-script domain; scope it to a properly labeled service instead.
131 allow postfix_smtpd_t initrc_t:unix_stream_socket connectto;
132 allow postfix_smtpd_t mysqld_db_t:dir search;
133 allow postfix_smtpd_t mysqld_etc_t:file { read getattr };
134 allow postfix_smtpd_t mysqld_t:unix_stream_socket connectto;
135 allow postfix_smtpd_t mysqld_var_run_t:sock_file write;
137 #============= semanage_t ==============
# Lets semanage_t follow symlinks labeled httpd_sys_content_t and connect to
# MySQL and to services in the init-script domain.
# NOTE(review): semanage_t is the domain that manages the SELinux policy
# itself, and nothing on this page shows why it needs a database connection;
# presumably name-service lookups backed by MySQL. Confirm before granting.
138 allow semanage_t httpd_sys_content_t:lnk_file read;
139 allow semanage_t initrc_t:unix_stream_socket connectto;
140 allow semanage_t mysqld_t:unix_stream_socket connectto;
141 allow semanage_t mysqld_var_run_t:sock_file write;
143 #============= setroubleshootd_t ==============
# Lets setroubleshootd_t read (follow) symlinks labeled httpd_sys_content_t.
# NOTE(review): presumably a symlink on a path the daemon resolves; read-only
# and low impact, but check whether the symlink is mislabeled.
144 allow setroubleshootd_t httpd_sys_content_t:lnk_file read;
146 #============= system_dbusd_t ==============
# Lets the system D-Bus daemon domain connect to MySQL through its socket and
# to services running in the init-script domain.
# NOTE(review): presumably triggered by name-service lookups backed by
# MySQL rather than by D-Bus itself. Confirm. The initrc_t rule covers every
# unlabeled service, so fix that service's domain instead.
147 allow system_dbusd_t initrc_t:unix_stream_socket connectto;
148 allow system_dbusd_t mysqld_t:unix_stream_socket connectto;
149 allow system_dbusd_t mysqld_var_run_t:sock_file write;
151 #============= system_mail_t ==============
# NOTE(review): read/write on crond_t's socket without connectto usually
# means an inherited descriptor; candidate for dontaudit rather than allow.
152 allow system_mail_t crond_t:unix_stream_socket { read write };
# The target is a file object carrying the httpd_t domain type. Presumably a
# descriptor inherited from httpd or one of its /proc entries. Confirm which.
153 allow system_mail_t httpd_t:file read;
# Connect to any service listening in the init-script domain.
154 allow system_mail_t initrc_t:unix_stream_socket connectto;
156 #============= xfs_t ==============
# Lets xfs_t connect to a Unix stream socket served by mysqld_t.
# NOTE(review): no sock_file write on mysqld_var_run_t is visible for xfs_t,
# so this rule alone may not complete a connection. Nothing here shows why
# the font server needs MySQL; confirm, otherwise prefer dontaudit.
157 allow xfs_t mysqld_t:unix_stream_socket connectto;