# SELinux policy module confining the mutt mail client in its own domain (mutt_t).
policy_module(mutt, 1.0.0)

############################
# 
# Declarations
#

# Boolean that widens mutt_t from its own private types to generic user home
# content. It defaults to false, so out of the box the domain cannot manage
# arbitrary files in the home directory of the user.
## <desc>
## <p>
##   Be able to manage user files (needed to support attachment handling)
## </p>
## </desc>
gen_tunable(mutt_manage_user_content, false)

# mutt_t is the process domain and mutt_exec_t labels the executable that
# enters it. ubac_constrained additionally subjects the domain to user-based
# access control, separating mutt processes of different SELinux users.
type mutt_t;
type mutt_exec_t;
application_domain(mutt_t, mutt_exec_t)
ubac_constrained(mutt_t)

# Per-user configuration, labeled as user home content.
# The rules in this module grant mutt_t read access only to this type.
type mutt_conf_t;
userdom_user_home_content(mutt_conf_t)

# System-wide configuration files.
type mutt_etc_t;
files_config_file(mutt_etc_t)

# Private per-user data that mutt_t fully manages.
type mutt_home_t;
userdom_user_home_content(mutt_home_t)

# Private temporary files, also UBAC constrained so that temporary files of
# one SELinux user are not reachable from a mutt process of another user.
type mutt_tmp_t;
files_tmp_file(mutt_tmp_t)
ubac_constrained(mutt_tmp_t)

############################
#
# Local Policy Rules
#

# Self access: signals and pipes are limited to processes in the mutt_t domain.
allow mutt_t self:process signal_perms;
allow mutt_t self:fifo_file rw_fifo_file_perms;

# Full management of the private home type. The type transition makes files
# and directories that mutt_t creates directly in the user home directory
# come out as mutt_home_t instead of inheriting the generic home label.
manage_dirs_pattern(mutt_t, mutt_home_t, mutt_home_t)
manage_files_pattern(mutt_t, mutt_home_t, mutt_home_t)
userdom_user_home_dir_filetrans(mutt_t, mutt_home_t, { dir file })

# Same arrangement for temporary files: objects created in the tmp directory
# are labeled mutt_tmp_t, keeping them apart from tmp files of other domains.
manage_dirs_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t)
manage_files_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t)
files_tmp_filetrans(mutt_t, mutt_tmp_t, { file dir })

# Configuration is read-only for the domain. No rule here grants write access
# to mutt_etc_t or mutt_conf_t, so a misbehaving mutt process cannot rewrite
# its own system or per-user configuration through these types.
read_files_pattern(mutt_t, mutt_etc_t, mutt_etc_t)

read_files_pattern(mutt_t, mutt_conf_t, mutt_conf_t)

# Read-only view of kernel system state. The sysctl rule is a dontaudit: it
# silences the denial in the audit log and does not grant the access.
kernel_read_system_state(mutt_t)
kernel_dontaudit_search_sysctl(mutt_t)

# Generic binaries and shells are executed without a domain transition, so
# anything mutt starts this way keeps running as mutt_t with the same file
# and network permissions as mutt itself.
# NOTE(review): presumably this covers editors, pagers and mailcap helpers;
# confirm which helpers are expected, since they are confined only by mutt_t.
corecmd_exec_bin(mutt_t)
corecmd_exec_shell(mutt_t)

# Outbound TCP is limited to the pop and smtp port types; no other port type
# gets a connect rule in this module.
# NOTE(review): in the reference policy the pop port type may also cover the
# IMAP ports - verify against the corenetwork port definitions in use.
# The recvfrom rules accept both netlabel and unlabeled traffic, so packet
# labeling does not further restrict which peers can reach the domain.
corenet_all_recvfrom_netlabel(mutt_t)
corenet_all_recvfrom_unlabeled(mutt_t)
corenet_sendrecv_pop_client_packets(mutt_t)
corenet_sendrecv_smtp_client_packets(mutt_t)
corenet_tcp_bind_generic_node(mutt_t)
corenet_tcp_connect_pop_port(mutt_t)
corenet_tcp_connect_smtp_port(mutt_t)
corenet_tcp_sendrecv_generic_if(mutt_t)
corenet_tcp_sendrecv_generic_node(mutt_t)
corenet_tcp_sendrecv_pop_port(mutt_t)
corenet_tcp_sendrecv_smtp_port(mutt_t)

# Read access to the random and urandom devices.
# NOTE(review): presumably needed by the TLS or crypto library - confirm.
dev_read_rand(mutt_t)
dev_read_urand(mutt_t)

# Use file descriptors inherited from the interactive session that starts mutt.
domain_use_interactive_fds(mutt_t)

files_read_usr_files(mutt_t)


# Name service lookups (users, hosts). This interface is broader than a
# single file read; what it reaches depends on the nsswitch configuration.
auth_use_nsswitch(mutt_t)

miscfiles_read_localization(mutt_t)

# Search only: mutt_t may traverse user home content directories but, unless
# the mutt_manage_user_content tunable is enabled, gets no access to generic
# user files from this module.
userdom_search_user_home_content(mutt_t)
userdom_use_user_terminals(mutt_t)

# If the gpg module is present, running gpg from mutt transitions into the
# gpg domain instead of staying in mutt_t, so key handling is governed by the
# gpg policy and not by the permissions granted to the mail client.
optional_policy(`
	gpg_domtrans(mutt_t)
')

# If the xdg module is present: full management of the generic cache home
# content, but read-only access to the generic config home files.
optional_policy(`
	xdg_manage_generic_cache_home_content(mutt_t)
	xdg_read_generic_config_home_files(mutt_t)
')

# Rules active only while the mutt_manage_user_content boolean is on.
# Enabling it lets mutt_t create, modify and delete generic user home content
# files and directories, which considerably widens what a compromised or
# misbehaving mutt process can touch; leave it off unless attachment handling
# outside the private mutt types is required.
tunable_policy(`mutt_manage_user_content',`
	# Needed for handling attachments
	userdom_manage_user_home_content_files(mutt_t)
	userdom_manage_user_home_content_dirs(mutt_t)
')