libs_use_ld_so(amanda_t)
libs_use_shared_libs(amanda_t)
-
optional_policy(`
logging_send_syslog_msg(amanda_t)
')
mls_file_read_all_levels(bootloader_t)
mls_file_write_all_levels(bootloader_t)
-
term_getattr_all_user_ttys(bootloader_t)
term_dontaudit_manage_pty_dirs(bootloader_t)
modutils_run_insmod(usernetctl_t, $2, $3)
')
-
optional_policy(`
ppp_run(usernetctl_t, $2, $3)
')
/etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0)
-
/etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/init -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/libvirtd -- gen_context(system_u:object_r:bin_t,s0)
type device_t;
')
-
list_dirs_pattern($1, device_t, device_t)
read_lnk_files_pattern($1, device_t, device_t)
')
type sysfs_t;
')
-
rw_files_pattern($1, sysfs_t, sysfs_t)
read_lnk_files_pattern($1, sysfs_t, sysfs_t)
/etc/cups/client\.conf -- gen_context(system_u:object_r:etc_t,s0)
-
/etc/ipsec\.d/examples(/.*)? gen_context(system_u:object_r:etc_t,s0)
/etc/network/ifstate -- gen_context(system_u:object_r:etc_runtime_t,s0)
allow $1 autofs_t:filesystem mount;
')
-
########################################
## <summary>
## Remount an automount pseudo filesystem
type kernel_t;
')
-
kernel_domtrans_to($1,$2)
ifdef(`enable_mcs',`
read_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
')
-
########################################
## <summary>
## Do not audit attempts to list unlabeled directories.
#
/sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
-
ifdef(`distro_gentoo', `
/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
/sbin/runscript -- gen_context(system_u:object_r:initrc_exec_t,s0)
dontaudit direct_init $3:chr_file rw_file_perms;
')
-
########################################
## <summary>
## Read the process state (/proc/pid) of init.
# auditallow $1 self:process execstack;
')
-
optional_policy(`
auth_unconfined($1)
')
postfix_domtrans_master(unconfined_t)
')
-
optional_policy(`
pyzor_per_role_template(unconfined)
')
mta_rw_spool($1_t)
')
-
optional_policy(`
tunable_policy(`allow_user_mysql_connect',`
mysql_stream_connect($1_t)