]> git.ipfire.org Git - people/stevee/selinux-policy.git/blame - policy/modules/services/arpwatch.te
projects / people / stevee / selinux-policy.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
trunk: 3 patches from dan
[people/stevee/selinux-policy.git] / policy / modules / services / arpwatch.te
CommitLineData
4483ee84 1
0251df3e 2policy_module(arpwatch,1.3.0)
4483ee84
CP		 3
4########################################
5#
6# Declarations
7#
8
9type arpwatch_t;
10type arpwatch_exec_t;
11init_daemon_domain(arpwatch_t,arpwatch_exec_t)
12
13type arpwatch_data_t;
14files_type(arpwatch_data_t)
15
16type arpwatch_tmp_t;
17files_tmp_file(arpwatch_tmp_t)
18
19type arpwatch_var_run_t;
20files_pid_file(arpwatch_var_run_t)
21
22########################################
23#
24# Local policy
25#
26allow arpwatch_t self:capability { net_admin net_raw setgid setuid };
27dontaudit arpwatch_t self:capability sys_tty_config;
28allow arpwatch_t self:process signal_perms;
29allow arpwatch_t self:unix_dgram_socket create_socket_perms;
30allow arpwatch_t self:unix_stream_socket create_stream_socket_perms;
31allow arpwatch_t self:netlink_route_socket r_netlink_socket_perms;
32allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
33allow arpwatch_t self:udp_socket create_socket_perms;
34allow arpwatch_t self:packet_socket create_socket_perms;
35
c0868a7a
CP		 36manage_dirs_pattern(arpwatch_t,arpwatch_data_t,arpwatch_data_t)
37manage_files_pattern(arpwatch_t,arpwatch_data_t,arpwatch_data_t)
38manage_lnk_files_pattern(arpwatch_t,arpwatch_data_t,arpwatch_data_t)
4483ee84 39
c0868a7a
CP		 40manage_dirs_pattern(arpwatch_t,arpwatch_tmp_t,arpwatch_tmp_t)
41manage_files_pattern(arpwatch_t,arpwatch_tmp_t,arpwatch_tmp_t)
103fe280 42files_tmp_filetrans(arpwatch_t, arpwatch_tmp_t, { file dir })
4483ee84 43
c0868a7a 44manage_files_pattern(arpwatch_t,arpwatch_var_run_t,arpwatch_var_run_t)
1c1ac67f 45files_pid_filetrans(arpwatch_t,arpwatch_var_run_t,file)
4483ee84 46
445522dc 47kernel_read_kernel_sysctls(arpwatch_t)
4483ee84
CP		 48kernel_list_proc(arpwatch_t)
49kernel_read_proc_symlinks(arpwatch_t)
50
b516e80f 51corenet_non_ipsec_sendrecv(arpwatch_t)
4483ee84
CP		 52corenet_tcp_sendrecv_all_if(arpwatch_t)
53corenet_udp_sendrecv_all_if(arpwatch_t)
54corenet_raw_sendrecv_all_if(arpwatch_t)
55corenet_tcp_sendrecv_all_nodes(arpwatch_t)
56corenet_udp_sendrecv_all_nodes(arpwatch_t)
57corenet_raw_sendrecv_all_nodes(arpwatch_t)
58corenet_tcp_sendrecv_all_ports(arpwatch_t)
59corenet_udp_sendrecv_all_ports(arpwatch_t)
4483ee84
CP		 60
61dev_read_sysfs(arpwatch_t)
62
63fs_getattr_all_fs(arpwatch_t)
64fs_search_auto_mountpoints(arpwatch_t)
65
8021cb4f 66corecmd_read_bin_symlinks(arpwatch_t)
4483ee84 67
15722ec9 68domain_use_interactive_fds(arpwatch_t)
4483ee84
CP		 69
70files_read_etc_files(arpwatch_t)
71files_read_usr_files(arpwatch_t)
72files_search_var_lib(arpwatch_t)
73
4483ee84
CP		 74libs_use_ld_so(arpwatch_t)
75libs_use_shared_libs(arpwatch_t)
76
77logging_send_syslog_msg(arpwatch_t)
78
79miscfiles_read_localization(arpwatch_t)
80
81sysnet_read_config(arpwatch_t)
82
15722ec9 83userdom_dontaudit_use_unpriv_user_fds(arpwatch_t)
103fe280 84userdom_dontaudit_search_sysadm_home_dirs(arpwatch_t)
4483ee84
CP		 85
86mta_send_mail(arpwatch_t)
87
88ifdef(`targeted_policy',`
1815bad1
CP		 89 term_dontaudit_use_unallocated_ttys(arpwatch_t)
90 term_dontaudit_use_generic_ptys(arpwatch_t)
9e04f5c5 91 files_dontaudit_read_root_files(arpwatch_t)
4483ee84
CP		 92')
93
bb7170f6 94optional_policy(`
4483ee84
CP		 95 nis_use_ypbind(arpwatch_t)
96')
97
bb7170f6 98optional_policy(`
4483ee84
CP		 99 corecmd_search_bin(arpwatch_t)
100')
101
bb7170f6 102optional_policy(`
4483ee84
CP		 103 seutil_sigchld_newrole(arpwatch_t)
104')
105
bb7170f6 106optional_policy(`
4483ee84
CP		 107 udev_read_db(arpwatch_t)
108')
The IPFire selinux policy.