Commit | Line | Data |
---|---|---|
| | # SELinux policy module declaration for comsat; 1.7.0 is the module version. |
9570b288 | 1 | policy_module(comsat, 1.7.0) |
6e61566d CP |
2 | |
3 | ######################################## | |
4 | # | |
5 | # Declarations | |
6 | # | |
768283ac | 7 | |
| | # comsat_t is the process domain; comsat_exec_t labels the executable passed as its entry point to the inetd macro on line 10. |
6e61566d CP |
8 | type comsat_t; |
9 | type comsat_exec_t; | |
| | # Declares comsat_t as a UDP service started by inetd and entered by executing a comsat_exec_t file. |
0bfccda4 | 10 | inetd_udp_service_domain(comsat_t, comsat_exec_t) |
| | # Authorizes comsat_t under the system_r role, then declares the private types used for temporary files and PID files. |
6e61566d CP |
11 | role system_r types comsat_t; |
12 | ||
13 | type comsat_tmp_t; | |
14 | files_tmp_file(comsat_tmp_t) | |
15 | ||
16 | type comsat_var_run_t; | |
17 | files_pid_file(comsat_var_run_t) | |
18 | ||
19 | ######################################## | |
20 | # | |
21 | # Local policy | |
22 | # | |
23 | ||
| | # Self rules: setuid/setgid capabilities, signal permissions on its own processes, and read/write on its own FIFOs. |
| | # NOTE(review): setuid/setgid are presumably needed to switch to the notified user; confirm against the daemon before keeping both. |
24 | allow comsat_t self:capability { setuid setgid }; | |
25 | allow comsat_t self:process signal_perms; | |
c0868a7a | 26 | allow comsat_t self:fifo_file rw_fifo_file_perms; |
| | # NOTE(review): netlink_tcpdiag and connected TCP socket access on a UDP inetd service is not explained on this page; confirm which code path needs it. |
6e61566d | 27 | allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms; |
681c9a02 | 28 | allow comsat_t self:tcp_socket connected_stream_socket_perms; |
| | # The service may create and use its own UDP sockets. |
1904b010 | 29 | allow comsat_t self:udp_socket create_socket_perms; |
6e61566d | 30 | |
| | # Private temporary files: comsat_t manages directories and files typed comsat_tmp_t, and files or directories it creates in the tmp directory are labelled comsat_tmp_t by type transition. |
0bfccda4 CP |
31 | manage_dirs_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t) |
32 | manage_files_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t) | |
103fe280 | 33 | files_tmp_filetrans(comsat_t, comsat_tmp_t, { file dir }) |
6e61566d | 34 | |
| | # PID files: comsat_t manages comsat_var_run_t files, and files it creates in the PID directory are labelled comsat_var_run_t by type transition. |
0bfccda4 CP |
35 | manage_files_pattern(comsat_t, comsat_var_run_t, comsat_var_run_t) |
36 | files_pid_filetrans(comsat_t, comsat_var_run_t, file) | |
6e61566d | 37 | |
| | # Read-only kernel information: kernel sysctls, network state and system state. |
445522dc | 38 | kernel_read_kernel_sysctls(comsat_t) |
6e61566d CP |
39 | kernel_read_network_state(comsat_t) |
40 | kernel_read_system_state(comsat_t) | |
41 | ||
| | # Network access. The two recvfrom rules accept traffic from unlabeled peers and from NetLabel-labelled peers. |
19006686 CP |
42 | corenet_all_recvfrom_unlabeled(comsat_t) |
43 | corenet_all_recvfrom_netlabel(comsat_t) | |
| | # TCP and UDP send/receive on generic interfaces and generic nodes. |
668b3093 CP |
44 | corenet_tcp_sendrecv_generic_if(comsat_t) |
45 | corenet_udp_sendrecv_generic_if(comsat_t) | |
c1262146 CP |
46 | corenet_tcp_sendrecv_generic_node(comsat_t) |
47 | corenet_udp_sendrecv_generic_node(comsat_t) | |
| | # NOTE(review): UDP send/receive is granted on all ports rather than only the port the service listens on; narrow it to a port-specific rule if the policy defines one for comsat. |
2db2c7d0 | 48 | corenet_udp_sendrecv_all_ports(comsat_t) |
6e61566d CP |
49 | |
| | # Read access to the urandom device and getattr on xattr filesystems. |
50 | dev_read_urand(comsat_t) | |
51 | ||
52 | fs_getattr_xattr_fs(comsat_t) | |
53 | ||
| | # Generic file access: read etc files, list usr, and search (traverse, not read) the spool and home directory trees. |
54 | files_read_etc_files(comsat_t) | |
681c9a02 | 55 | files_list_usr(comsat_t) |
6e61566d CP |
56 | files_search_spool(comsat_t) |
57 | files_search_home(comsat_t) | |
58 | ||
| | # Name-service lookups through nsswitch. |
c0cf6e0a CP |
59 | auth_use_nsswitch(comsat_t) |
60 | ||
| | # utmp may be read. No write access is granted here, and the dontaudit rule keeps write denials out of the audit log. |
| | # When investigating this domain, disable dontaudit rules (for example semodule -DB) so the hidden denials become visible. |
68228b33 CP |
61 | init_read_utmp(comsat_t) |
62 | init_dontaudit_write_utmp(comsat_t) | |
6e61566d | 63 | |
| | # Syslog output and read access to localization data. |
6e61566d CP |
64 | logging_send_syslog_msg(comsat_t) |
65 | ||
66 | miscfiles_read_localization(comsat_t) | |
67 | ||
| | # getattr denials on user ttys are not audited (dontaudit); getattr on the mail spool is allowed. |
296273a7 | 68 | userdom_dontaudit_getattr_user_ttys(comsat_t) |
6e61566d | 69 | |
296273a7 | 70 | mta_getattr_spool(comsat_t) |
e9c6cda7 | 71 | |
| | # Kerberos client access is granted only when the kerberos policy module is available; otherwise this block is dropped. |
bb7170f6 | 72 | optional_policy(` |
6e61566d CP |
73 | kerberos_use(comsat_t) |
74 | ') |