From 5f91aae26b6b0e02c9fabcc5dcf9f4b3e9eedbfe Mon Sep 17 00:00:00 2001 From: Konstantin Ryabitsev Date: Fri, 15 Jun 2018 15:11:23 -0400 Subject: Contribute SELinux policy for EL7 This adds a SELinux policy suitable for RHEL/CentOS 7. It assumes the following: - public-inbox-httpd and public-inbox-nntpd are running via systemd on sane ports (119 and 80/8080) - /var/lib/public-inbox is the location for mainrepos - /var/run/public-inbox is the location for PERL_INLINE_DIRECTORY - /var/log/public-inbox is the location for logs - mail delivery is done via postfix-pipe or public-inbox-watch via the provided example systemd service Signed-off-by: Konstantin Ryabitsev
---
contrib/selinux/el7/publicinbox.fc | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 contrib/selinux/el7/publicinbox.fc (limited to 'contrib/selinux/el7/publicinbox.fc')
diff --git a/contrib/selinux/el7/publicinbox.fc b/contrib/selinux/el7/publicinbox.fc
new file mode 100644
index 00000000..c8ada2d0
--- /dev/null
+++ b/contrib/selinux/el7/publicinbox.fc
@@ -0,0 +1,8 @@
+/usr/(local/)?bin/public-inbox-httpd -- gen_context(system_u:object_r:publicinbox_daemon_exec_t,s0)
+/usr/(local/)?bin/public-inbox-nntpd -- gen_context(system_u:object_r:publicinbox_daemon_exec_t,s0)
+/usr/(local/)?bin/public-inbox-watch -- gen_context(system_u:object_r:publicinbox_deliver_exec_t,s0)
+/usr/(local/)?bin/public-inbox-mda -- gen_context(system_u:object_r:publicinbox_deliver_exec_t,s0)
+
+/var/lib/public-inbox(/.*)? gen_context(system_u:object_r:publicinbox_var_lib_t,s0)
+/var/run/public-inbox(/.*)? gen_context(system_u:object_r:publicinbox_var_run_t,s0)
+/var/log/public-inbox(/.*)? gen_context(system_u:object_r:publicinbox_log_t,s0)
-- cgit v1.2.3-24-ge0c7
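Review bot: The `/var/run/public-inbox(/.*)?` entry gives a single type, `publicinbox_var_run_t`, to everything under the directory the commit message names as PERL_INLINE_DIRECTORY, so compiled Inline objects share a label with any other runtime files placed there. The type-enforcement rules are not part of this page, but loading those objects presumably requires the daemon domains to both write and execute that type. A more specific spec with its own type would keep that write-plus-execute grant off the rest of the runtime directory, for example `/var/run/public-inbox/<inline-subdir>(/.*)? gen_context(system_u:object_r:<inline_cache_type>,s0)` (placeholder names). The file would also benefit from a header comment such as `# Repositories or logs kept outside these paths need a local fcontext rule and a relabel (restorecon) before this policy covers them.`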