Contribute SELinux policy for EL7

This adds a SELinux policy suitable for RHEL/CentOS 7. It assumes the
following:

- public-inbox-httpd and public-inbox-nntpd are running via systemd
  on sane ports (119 and 80/8080)
- /var/lib/public-inbox is the location for mainrepos
- /var/run/public-inbox is the location for PERL_INLINE_DIRECTORY
- /var/log/public-inbox is the location for logs
- mail delivery is done via postfix-pipe or public-inbox-watch via
  the provided example systemd service

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>

1 files changed, 8 insertions, 0 deletions

diff --git a/contrib/selinux/el7/publicinbox.fc b/contrib/selinux/el7/publicinbox.fc
new file mode 100644
index 00000000..c8ada2d0
--- /dev/null
+++ b/contrib/selinux/el7/publicinbox.fc
@@ -0,0 +1,8 @@
+/usr/(local/)?bin/public-inbox-httpd    -- gen_context(system_u:object_r:publicinbox_daemon_exec_t,s0)
+/usr/(local/)?bin/public-inbox-nntpd    -- gen_context(system_u:object_r:publicinbox_daemon_exec_t,s0)
+/usr/(local/)?bin/public-inbox-watch    -- gen_context(system_u:object_r:publicinbox_deliver_exec_t,s0)
+/usr/(local/)?bin/public-inbox-mda      -- gen_context(system_u:object_r:publicinbox_deliver_exec_t,s0)
+
+/var/lib/public-inbox(/.*)?                gen_context(system_u:object_r:publicinbox_var_lib_t,s0)
+/var/run/public-inbox(/.*)?                gen_context(system_u:object_r:publicinbox_var_run_t,s0)
+/var/log/public-inbox(/.*)?                gen_context(system_u:object_r:publicinbox_log_t,s0)