18 type httpd_sys_content_t;
21 type postfix_bounce_t;
24 type mysqld_var_run_t;
29 type postfix_cleanup_t;
30 type postfix_master_t;
31 type setroubleshootd_t;
32 type postfix_pickup_t;
38 class fifo_file { write read ioctl getattr };
40 class unix_stream_socket { connectto read write };
41 class tcp_socket { read write };
42 class file { execute read create ioctl execute_no_trans write getattr unlink append };
43 class sock_file write;
44 class lnk_file { read getattr };
45 class dir { write search getattr read remove_name add_name };
48 #============= avahi_t ==============
# NOTE(review): lets avahi_t traverse directories labelled mysqld_db_t and
# stat files labelled mysqld_etc_t. A service-discovery daemon has no obvious
# need for MySQL paths; presumably name-service lookups on this host are
# backed by MySQL, so every domain that resolves users/hosts trips these
# denials -- confirm the cause before keeping the rules.
49 allow avahi_t mysqld_db_t:dir search;
50 allow avahi_t mysqld_etc_t:file getattr;
52 #============= groupadd_t ==============
# NOTE(review): connectto on initrc_t is not specific to one service; it
# covers the Unix stream socket of any process still running as initrc_t
# (a daemon started from an init script without a domain of its own).
# The denial usually points at a mislabelled daemon executable; correcting
# that label (semanage fcontext + restorecon) is narrower than this rule.
# TODO confirm which daemon is running as initrc_t.
53 allow groupadd_t initrc_t:unix_stream_socket connectto;
55 #============= httpd_t ==============
# Rules for the web server domain. Several grant access to generic or
# unrelated types and deserve a closer look than the rest of this module.
#
# NOTE(review): read/write (without connectto) on another domain's socket is
# typically a descriptor inherited when httpd was started from cron or from
# an unconfined shell. If that is confirmed, dontaudit is the usual
# treatment rather than allow.
56 allow httpd_t crond_t:unix_stream_socket { read write };
# NOTE(review): covers every daemon left in initrc_t, not one service;
# presumably the real target is a daemon whose executable is mislabelled.
57 allow httpd_t initrc_t:unix_stream_socket connectto;
# Read access to MySQL configuration; such files may hold client
# credentials -- verify what is stored under this label on this host.
58 allow httpd_t mysqld_etc_t:file { read getattr };
# Lets httpd_t send the generic signal permission to system_mail_t processes.
59 allow httpd_t system_mail_t:process signal;
# tmp_t is the generic temporary-file label, so this is not limited to
# files the web server created itself.
60 allow httpd_t tmp_t:file { read getattr };
# NOTE(review): same inherited-descriptor pattern as the crond_t rule.
61 allow httpd_t unconfined_t:unix_stream_socket { read write };
# NOTE(review): usr_t is a generic label. This lets the web server create,
# delete and append to any usr_t file it can reach by DAC. Prefer giving the
# one writable directory a dedicated web-content label via a file-context
# rule instead of widening access to usr_t.
62 allow httpd_t usr_t:file { create unlink append };
64 #============= ifconfig_t ==============
# NOTE(review): ifconfig reading/writing a TCP socket owned by initrc_t is
# presumably a descriptor leaked by the init script that invoked it, not
# something ifconfig needs. If confirmed, dontaudit fits better than allow.
65 allow ifconfig_t initrc_t:tcp_socket { read write };
67 #============= logwatch_t ==============
# Lets logwatch_t connect to sockets of initrc_t and mysqld_t processes and
# read MySQL configuration.
# NOTE(review): the initrc_t rule covers any daemon left in initrc_t, not
# only MySQL; presumably a mislabelled daemon executable is the root cause
# -- confirm and relabel rather than keep the rule.
68 allow logwatch_t initrc_t:unix_stream_socket connectto;
69 allow logwatch_t mysqld_etc_t:file read;
70 allow logwatch_t mysqld_t:unix_stream_socket connectto;
72 #============= mailman_mail_t ==============
# Rules for the Mailman mail-handling domain. Most targets here are generic
# labels (usr_t, lib_t, var_run_t, tmp_t) or web content, not Mailman types.
# NOTE(review): presumably Mailman is installed under paths that carry
# default labels. Labelling its tree with Mailman-specific types through
# file-context rules would remove the need for most of these -- confirm.
#
# Web content: read files/symlinks, and add entries to directories.
73 allow mailman_mail_t httpd_sys_content_t:dir { read write search getattr add_name };
74 allow mailman_mail_t httpd_sys_content_t:file { read getattr };
75 allow mailman_mail_t httpd_sys_content_t:lnk_file { read getattr };
# Covers the socket of any daemon left in initrc_t, not one service.
76 allow mailman_mail_t initrc_t:unix_stream_socket connectto;
# NOTE(review): create/write/unlink on lib_t plus add_name/remove_name on
# lib_t directories lets a mail-facing domain add, modify and delete files
# under a generic library label. Highest-priority rule pair to narrow.
77 allow mailman_mail_t lib_t:dir { write remove_name add_name };
78 allow mailman_mail_t lib_t:file { write create unlink };
# Pipes within the domain itself.
79 allow mailman_mail_t self:fifo_file { write read ioctl getattr };
80 allow mailman_mail_t tmp_t:file { read getattr };
# execute_no_trans: usr_t programs run inside mailman_mail_t with no domain
# transition, so they inherit every permission granted in this section.
81 allow mailman_mail_t usr_t:file { read getattr ioctl execute execute_no_trans };
82 allow mailman_mail_t usr_t:lnk_file { read getattr };
# Create/remove files directly under the generic var_run_t label.
83 allow mailman_mail_t var_run_t:dir { write remove_name add_name };
84 allow mailman_mail_t var_run_t:file { getattr read create unlink ioctl append };
86 #============= named_t ==============
# NOTE(review): gives the DNS server domain traversal of mysqld_db_t
# directories and read access to mysqld_etc_t files. Nothing here shows why
# named needs MySQL paths; presumably a MySQL-backed name-service lookup is
# loaded into the process -- confirm. MySQL configuration may contain
# credentials, so read access from a network-facing domain is worth checking.
87 allow named_t mysqld_db_t:dir search;
88 allow named_t mysqld_etc_t:file { read getattr };
90 #============= nscd_t ==============
# NOTE(review): read/write on a useradd_t socket with no connectto looks
# like a descriptor passed or inherited from useradd rather than a
# connection nscd opens itself -- confirm; dontaudit may be the better fit.
91 allow nscd_t useradd_t:unix_stream_socket { read write };
93 #============= postfix_bounce_t ==============
# The Postfix sections below repeat one pattern per daemon: connect to an
# initrc_t socket, traverse mysqld_db_t, read mysqld_etc_t, and (for most)
# connect to mysqld_t and write its socket file under mysqld_var_run_t.
# NOTE(review): the mysqld_t / mysqld_var_run_t rules are consistent with
# Postfix doing MySQL lookups over the local socket. The initrc_t rule is
# broader: it covers any daemon left in initrc_t. Presumably a MySQL server
# process ran as initrc_t when the denials were logged; fixing that label
# would make the initrc_t rules unnecessary -- confirm.
94 allow postfix_bounce_t initrc_t:unix_stream_socket connectto;
95 allow postfix_bounce_t mysqld_db_t:dir search;
96 allow postfix_bounce_t mysqld_etc_t:file { read getattr };
97 allow postfix_bounce_t mysqld_t:unix_stream_socket connectto;
98 allow postfix_bounce_t mysqld_var_run_t:sock_file write;
100 #============= postfix_cleanup_t ==============
101 allow postfix_cleanup_t initrc_t:unix_stream_socket connectto;
102 allow postfix_cleanup_t mysqld_db_t:dir search;
103 allow postfix_cleanup_t mysqld_etc_t:file { read getattr };
104 allow postfix_cleanup_t mysqld_t:unix_stream_socket connectto;
105 allow postfix_cleanup_t mysqld_var_run_t:sock_file write;
# Read-only access to files under the generic usr_t label.
106 allow postfix_cleanup_t usr_t:file { read getattr };
108 #============= postfix_master_t ==============
# Only the initrc_t socket and MySQL configuration; no mysqld_t rule here.
109 allow postfix_master_t initrc_t:unix_stream_socket connectto;
110 allow postfix_master_t mysqld_etc_t:file { read getattr };
112 #============= postfix_pickup_t ==============
# Writes the socket file but has no mysqld_t connectto rule; the connection
# itself is presumably the one allowed to initrc_t -- TODO confirm.
113 allow postfix_pickup_t initrc_t:unix_stream_socket connectto;
114 allow postfix_pickup_t mysqld_db_t:dir search;
115 allow postfix_pickup_t mysqld_etc_t:file { read getattr };
116 allow postfix_pickup_t mysqld_var_run_t:sock_file write;
118 #============= postfix_qmgr_t ==============
119 allow postfix_qmgr_t initrc_t:unix_stream_socket connectto;
120 allow postfix_qmgr_t mysqld_db_t:dir search;
121 allow postfix_qmgr_t mysqld_etc_t:file getattr;
123 #============= postfix_smtp_t ==============
124 allow postfix_smtp_t initrc_t:unix_stream_socket connectto;
125 allow postfix_smtp_t mysqld_db_t:dir search;
126 allow postfix_smtp_t mysqld_etc_t:file { read getattr };
127 allow postfix_smtp_t mysqld_t:unix_stream_socket connectto;
128 allow postfix_smtp_t mysqld_var_run_t:sock_file write;
# Read-only access to files under the generic usr_t label.
129 allow postfix_smtp_t usr_t:file { read getattr };
131 #============= postfix_smtpd_t ==============
# smtpd is the network-facing daemon, so the initrc_t rule here exposes the
# widest set of local sockets to remotely supplied input.
132 allow postfix_smtpd_t initrc_t:unix_stream_socket connectto;
133 allow postfix_smtpd_t mysqld_db_t:dir search;
134 allow postfix_smtpd_t mysqld_etc_t:file { read getattr };
135 allow postfix_smtpd_t mysqld_t:unix_stream_socket connectto;
136 allow postfix_smtpd_t mysqld_var_run_t:sock_file write;
138 #============= semanage_t ==============
# Lets the policy-management domain read web-content symlinks and connect to
# sockets of initrc_t and mysqld_t processes.
# NOTE(review): semanage talking to MySQL is presumably a side effect of
# MySQL-backed user/group lookups rather than a need of semanage itself --
# confirm. The initrc_t rule covers any daemon left in initrc_t.
139 allow semanage_t httpd_sys_content_t:lnk_file read;
140 allow semanage_t initrc_t:unix_stream_socket connectto;
141 allow semanage_t mysqld_t:unix_stream_socket connectto;
142 allow semanage_t mysqld_var_run_t:sock_file write;
144 #============= setroubleshootd_t ==============
# Lets setroubleshootd_t read symlinks labelled httpd_sys_content_t.
# Presumably it follows a path that passes through a symlink carrying the
# web-content label; narrow in scope (read on lnk_file only).
145 allow setroubleshootd_t httpd_sys_content_t:lnk_file read;
147 #============= system_dbusd_t ==============
# Lets the system message bus connect to sockets of initrc_t and mysqld_t
# processes and write the socket file labelled mysqld_var_run_t.
# NOTE(review): presumably caused by MySQL-backed user/group lookups inside
# the bus daemon -- confirm. The initrc_t rule is not limited to MySQL; it
# covers any daemon left in initrc_t.
148 allow system_dbusd_t initrc_t:unix_stream_socket connectto;
149 allow system_dbusd_t mysqld_t:unix_stream_socket connectto;
150 allow system_dbusd_t mysqld_var_run_t:sock_file write;
152 #============= system_mail_t ==============
# NOTE(review): read/write on a crond_t socket and read on an httpd_t file
# look like descriptors inherited from the parent that invoked the mailer
# (cron, or the web server sending mail) -- confirm. If so, dontaudit is
# the usual treatment; allow lets the mailer use whatever was left open.
153 allow system_mail_t crond_t:unix_stream_socket { read write };
154 allow system_mail_t httpd_t:file read;
# Covers the socket of any daemon left in initrc_t, not one service.
155 allow system_mail_t initrc_t:unix_stream_socket connectto;
157 #============= xfs_t ==============
# Lets xfs_t connect to the Unix stream socket of mysqld_t processes.
# NOTE(review): nothing in this module shows why xfs_t needs MySQL;
# presumably a MySQL-backed name-service lookup -- confirm before keeping.
158 allow xfs_t mysqld_t:unix_stream_socket connectto;