gentoo-selinux-policies/unconfined_additional.te

policy_module(unconfined_additional, 0.0.8)

require {
  type unconfined_t;
  type portage_sandbox_t;
  type atop_t;
  type atop_initrc_exec_t;
  type atop_unit_t;
  type spamd_t;
  type spamd_initrc_exec_t;
  type spamassassin_unit_t;
  type phpfpm_t;
  type phpfpm_initrc_exec_t;
  type phpfpm_unit_t;
  type amavis_t;
  type amavis_initrc_exec_t;
  type amavis_unit_t;
  type jabberd_t;
  type jabberd_initrc_exec_t;
  type jabber_unit_t;
  type turnserver_t;
  type turnserver_initrc_exec_t;
  type turnserver_unit_t;
  role unconfined_r;
}

allow unconfined_t portage_sandbox_t:process transition;
allow unconfined_t self:process execmem;

init_startstop_service(unconfined_t, unconfined_r, atop_t, atop_initrc_exec_t, atop_unit_t)
init_startstop_service(unconfined_t, unconfined_r, spamd_t, spamd_initrc_exec_t, spamd_unit_t)
init_startstop_service(unconfined_t, unconfined_r, phpfpm_t, phpfpm_initrc_exec_t, phpfpm_unit_t)
init_startstop_service(unconfined_t, unconfined_r, amavis_t, amavis_initrc_exec_t, amavis_unit_t)
init_startstop_service(unconfined_t, unconfined_r, jabberd_t, jabberd_initrc_exec_t, jabber_unit_t)
init_startstop_service(unconfined_t, unconfined_r, turnserver_t, turnserver_initrc_exec_t, turnserver_unit_t)
logging_admin_audit(unconfined_t, unconfined_r)
dovecot_admin(unconfined_t, unconfined_r)
openvpn_admin(unconfined_t, unconfined_r)
logging_admin_syslog(unconfined_t, unconfined_r)
mysql_admin(unconfined_t, unconfined_r)
postfix_admin(unconfined_t, unconfined_r)
ntp_admin(unconfined_t, unconfined_r)
bind_admin(unconfined_t, unconfined_r)
clamav_admin(unconfined_t, unconfined_r)
apache_admin(unconfined_t, unconfined_r)