As i manage a small vps i wrote a simple daemon in python to read the journal and email me anytime a service fails. The source code is located at https://github.com/gkarakou/systemd-mailify. As i currently have too many problems with selinux enforcing in my desktop and i wouldn't make tests on the live system i kindly request someone to review my selinux policy module. All the app is doing is reading systemd-journal and name connects on smtp ports. It reads its configuration from a file in etc (/etc/systemd-mailify.conf) and has a dedicated service file. The executable is located in /usr/bin and a pid file is written under /run. Here are the relevant parts. systemd-mailify.te ############################# policy_module(systemd_mailify, 1.0) type systemd_mailify_t; type systemd_mailify_exec_t; type systemd_unit_file_t; type systemd_mailify_conf_t; type systemd_mailify_var_run_t; class tcp_socket name_connect; init_daemon_domain(systemd_mailify_t, systemd_mailify_exec_t) allow systemd_mailify_t systemd_mailify_conf_t : file rw_file_perms; allow systemd_mailify_t systemd_mailify_conf_t : lnk_file { getattr read }; manage_files_pattern(systemd_mailify_t, systemd_mailify_var_run_t, systemd_mailify_var_run_t) files_config_file(systemd_mailify_conf_t); files_pid_file(systemd_mailify_var_run_t); files_read_etc_files(systemd_mailify_conf_t); files_search_etc(systemd_mailify_conf_t); files_pid_filetrans(systemd_mailify_t,systemd_mailify_var_run_t, { file }); auth_use_nsswitch(systemd_mailify_t); logging_send_syslog_msg(systemd_mailify_t); miscfiles_read_localization(systemd_mailify_t); sysnet_dns_name_resolve(systemd_mailify_t); allow systemd_mailify_exec_t smtp_port_t:tcp_socket name_connect; corenet_tcp_sendrecv_all_if(systemd_mailify_exec_t); corenet_tcp_sendrecv_all_nodes(systemd_mailify_exec_t); corenet_tcp_sendrecv_all_ports(systemd_mailify_exec_t); corenet_all_recvfrom_unlabeled(systemd_mailify_exec_t); domain_use_interactive_fds(systemd_mailify_exec_t); ####################### systemd-mailify.fc ####################### /usr/bin/systemd-mailify.py -- gen_context(system_u:object_r:systemd_mailify_exec_t,s0) /etc/systemd-mailify.conf gen_context(system_u:object_r:systemd_mailify_conf_t,s0) /usr/lib/systemd/system/systemd-mailify.service gen_context(system_u:object_r:systemd_unit_file_t,s0) /run/systemd-mailify.pid gen_context(system_u:object_r:systemd_mailify_var_run_t,s0) -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
