# SELinux type-enforcement policy for the comsat domain (comsat_t).
# The domain is declared as an inetd-launched UDP service below; everything
# under "Local policy" is the set of accesses granted to that confined domain.
policy_module(comsat, 1.6.0)

########################################
#
# Declarations
#

# comsat_t is the process domain, comsat_exec_t labels its executable.
type comsat_t;
type comsat_exec_t;
# Declares the domain as a UDP service started by inetd, entered by
# executing a comsat_exec_t file.
inetd_udp_service_domain(comsat_t, comsat_exec_t)
role system_r types comsat_t;

# Private type for temporary files created by the domain.
type comsat_tmp_t;
files_tmp_file(comsat_tmp_t)

# Private type for the PID file of the domain.
type comsat_var_run_t;
files_pid_file(comsat_var_run_t)

########################################
#
# Local policy
#

# NOTE(review): setuid and setgid let the process change its own UID/GID.
# These are privilege-relevant capabilities; confirm the daemon still needs
# both before carrying them forward.
allow comsat_t self:capability { setuid setgid };
allow comsat_t self:process signal_perms;
allow comsat_t self:fifo_file rw_fifo_file_perms;
allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
# NOTE(review): the domain is declared as a UDP service above, yet TCP socket
# permissions are granted here and by the corenet_tcp_* rules below. Presumably
# this supports name-service lookups; verify and drop if unused.
allow comsat_t self:tcp_socket connected_stream_socket_perms;
allow comsat_t self:udp_socket create_socket_perms;

# Full management of its own temporary files and directories; objects the
# domain creates in a tmp directory are labelled comsat_tmp_t automatically.
manage_dirs_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
manage_files_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
files_tmp_filetrans(comsat_t, comsat_tmp_t, { file dir })

# Same arrangement for the PID file, restricted to regular files.
manage_files_pattern(comsat_t, comsat_var_run_t, comsat_var_run_t)
files_pid_filetrans(comsat_t, comsat_var_run_t, file)

# Read-only views of kernel sysctls and of network and system state.
kernel_read_kernel_sysctls(comsat_t)
kernel_read_network_state(comsat_t)
kernel_read_system_state(comsat_t)

# Network access. These rules are deliberately broad: traffic is accepted
# from unlabeled and NetLabel peers, on all interfaces and all nodes.
# NOTE(review): corenet_udp_sendrecv_all_ports does not restrict the domain to
# a dedicated comsat port; a tighter port-specific rule would better match
# least privilege if the module interfaces in use offer one.
corenet_all_recvfrom_unlabeled(comsat_t)
corenet_all_recvfrom_netlabel(comsat_t)
corenet_tcp_sendrecv_all_if(comsat_t)
corenet_udp_sendrecv_all_if(comsat_t)
corenet_tcp_sendrecv_all_nodes(comsat_t)
corenet_udp_sendrecv_all_nodes(comsat_t)
corenet_udp_sendrecv_all_ports(comsat_t)

dev_read_urand(comsat_t)

fs_getattr_xattr_fs(comsat_t)

# Read-only or search-only filesystem access: /etc files, listing /usr,
# and traversing the spool and home directory roots.
files_read_etc_files(comsat_t)
files_list_usr(comsat_t)
files_search_spool(comsat_t)
files_search_home(comsat_t)

# User and group lookups through the configured name-service switch.
auth_use_nsswitch(comsat_t)

# utmp may be read. Write attempts stay denied, but the dontaudit rule keeps
# those denials out of the audit log, so they will not show up when hunting
# for AVC denials unless dontaudit rules are temporarily disabled.
init_read_utmp(comsat_t)
init_dontaudit_write_utmp(comsat_t)

logging_send_syslog_msg(comsat_t)

miscfiles_read_localization(comsat_t)

# getattr on user ttys stays denied and is likewise silenced in the audit log.
userdom_dontaudit_getattr_user_ttys(comsat_t)

mta_getattr_spool(comsat_t)

# Kerberos client access is only granted when the kerberos policy module is
# present in the build.
optional_policy(`
	kerberos_use(comsat_t)
')