]> git.ipfire.org Git - people/stevee/selinux-policy.git/blame - policy/modules/services/arpwatch.te
projects / people / stevee / selinux-policy.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bump module versions for release.
[people/stevee/selinux-policy.git] / policy / modules / services / arpwatch.te
CommitLineData
4483ee84 1
29af4c13 2policy_module(arpwatch, 1.9.0)
4483ee84
CP		 3
4########################################
5#
6# Declarations
7#
8
9type arpwatch_t;
10type arpwatch_exec_t;
0bfccda4 11init_daemon_domain(arpwatch_t, arpwatch_exec_t)
4483ee84
CP		 12
13type arpwatch_data_t;
14files_type(arpwatch_data_t)
15
5843d066
CP		 16type arpwatch_initrc_exec_t;
17init_script_file(arpwatch_initrc_exec_t)
18
4483ee84
CP		 19type arpwatch_tmp_t;
20files_tmp_file(arpwatch_tmp_t)
21
22type arpwatch_var_run_t;
23files_pid_file(arpwatch_var_run_t)
24
25########################################
26#
27# Local policy
28#
29allow arpwatch_t self:capability { net_admin net_raw setgid setuid };
30dontaudit arpwatch_t self:capability sys_tty_config;
31allow arpwatch_t self:process signal_perms;
32allow arpwatch_t self:unix_dgram_socket create_socket_perms;
33allow arpwatch_t self:unix_stream_socket create_stream_socket_perms;
4483ee84
CP		 34allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
35allow arpwatch_t self:udp_socket create_socket_perms;
36allow arpwatch_t self:packet_socket create_socket_perms;
b0076a14 37allow arpwatch_t self:socket create_socket_perms;
4483ee84 38
0bfccda4
CP		 39manage_dirs_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
40manage_files_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
41manage_lnk_files_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
4483ee84 42
0bfccda4
CP		 43manage_dirs_pattern(arpwatch_t, arpwatch_tmp_t, arpwatch_tmp_t)
44manage_files_pattern(arpwatch_t, arpwatch_tmp_t, arpwatch_tmp_t)
103fe280 45files_tmp_filetrans(arpwatch_t, arpwatch_tmp_t, { file dir })
4483ee84 46
0bfccda4
CP		 47manage_files_pattern(arpwatch_t, arpwatch_var_run_t, arpwatch_var_run_t)
48files_pid_filetrans(arpwatch_t, arpwatch_var_run_t, file)
4483ee84 49
b0076a14 50kernel_read_network_state(arpwatch_t)
445522dc 51kernel_read_kernel_sysctls(arpwatch_t)
4483ee84
CP		 52kernel_list_proc(arpwatch_t)
53kernel_read_proc_symlinks(arpwatch_t)
54
19006686
CP		 55corenet_all_recvfrom_unlabeled(arpwatch_t)
56corenet_all_recvfrom_netlabel(arpwatch_t)
668b3093
CP		 57corenet_tcp_sendrecv_generic_if(arpwatch_t)
58corenet_udp_sendrecv_generic_if(arpwatch_t)
59corenet_raw_sendrecv_generic_if(arpwatch_t)
c1262146
CP		 60corenet_tcp_sendrecv_generic_node(arpwatch_t)
61corenet_udp_sendrecv_generic_node(arpwatch_t)
62corenet_raw_sendrecv_generic_node(arpwatch_t)
4483ee84
CP		 63corenet_tcp_sendrecv_all_ports(arpwatch_t)
64corenet_udp_sendrecv_all_ports(arpwatch_t)
4483ee84
CP		 65
66dev_read_sysfs(arpwatch_t)
b0076a14 67dev_rw_generic_usb_dev(arpwatch_t)
4483ee84
CP		 68
69fs_getattr_all_fs(arpwatch_t)
70fs_search_auto_mountpoints(arpwatch_t)
71
8021cb4f 72corecmd_read_bin_symlinks(arpwatch_t)
4483ee84 73
15722ec9 74domain_use_interactive_fds(arpwatch_t)
4483ee84
CP		 75
76files_read_etc_files(arpwatch_t)
77files_read_usr_files(arpwatch_t)
78files_search_var_lib(arpwatch_t)
79
f7101c54
CP		 80auth_use_nsswitch(arpwatch_t)
81
4483ee84
CP		 82logging_send_syslog_msg(arpwatch_t)
83
84miscfiles_read_localization(arpwatch_t)
85
296273a7 86userdom_dontaudit_search_user_home_dirs(arpwatch_t)
15722ec9 87userdom_dontaudit_use_unpriv_user_fds(arpwatch_t)
4483ee84
CP		 88
89mta_send_mail(arpwatch_t)
90
bb7170f6 91optional_policy(`
4483ee84
CP		 92 seutil_sigchld_newrole(arpwatch_t)
93')
94
bb7170f6 95optional_policy(`
4483ee84
CP		 96 udev_read_db(arpwatch_t)
97')
The IPFire selinux policy.