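# procmail policy by Jon Crowley, MITRE Corporation
# based on a policy by Stephen Smalley, NAI Labs
#
# Declares the type for the procmail executable and the procmail domain,
# grants that domain a set of Linux capabilities, and lets it write to the
# mail spool. Each statement sits on its own line: with the whole file on
# one line, the leading '#' turns every declaration and rule into a comment.
# Only these rules are visible in this section; entry into procmail_t and
# any other access it needs are not shown here.

# type for the procmail executable
# file_type / exec_type mark this as a file type used for a program binary;
# sysadm_file is presumably the attribute for files the administrator
# domain may manage -- confirm against the attribute definitions.
type procmail_exec_t, file_type, sysadm_file, exec_type;

# type for the procmail domain
# NOTE(review): privuser and privrole appear to be the attributes that
# exempt a domain from the user-identity and role-change constraints;
# confirm in the constraints configuration that procmail needs both.
type procmail_t, domain, privuser, privrole;

# capabilities
#   setuid, setgid - change process uid/gid
#   dac_override   - bypass Unix (DAC) permission checks on files
#   chown          - change file ownership
#   sys_nice       - change scheduling priority
# NOTE(review): dac_override is the broadest grant here. With it, Unix file
# modes no longer restrict procmail_t, so the type-enforcement rules on this
# domain are the only remaining bound on which files it can touch. Keep
# those rules narrow and audit any later additions with that in mind.
allow procmail_t procmail_t:capability { setuid setgid dac_override chown sys_nice };

# write to mailboxes in /var/spool/mail
# rw_dir_perms and create_file_perms are permission-set macros defined
# outside this section; check their expansion to see exactly which
# directory and file permissions are granted.
allow procmail_t mail_spool_t:dir rw_dir_perms;
allow procmail_t mail_spool_t:file create_file_perms;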