[people/stevee/selinux-policy.git] / policy / modules / services / irqbalance.te


policy_module(irqbalance, 1.5.0)

########################################
#
# Declarations
#

type irqbalance_t;
type irqbalance_exec_t;
init_daemon_domain(irqbalance_t, irqbalance_exec_t)

type irqbalance_var_run_t;
files_pid_file(irqbalance_var_run_t)

########################################
#
# Local policy
#

allow irqbalance_t self:capability { setpcap net_admin };
dontaudit irqbalance_t self:capability sys_tty_config;
allow irqbalance_t self:process { getcap setcap signal_perms };
allow irqbalance_t self:udp_socket create_socket_perms;

manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, file)

kernel_read_network_state(irqbalance_t)
kernel_read_system_state(irqbalance_t)
kernel_read_kernel_sysctls(irqbalance_t)
kernel_rw_irq_sysctls(irqbalance_t)

dev_read_sysfs(irqbalance_t)

files_read_etc_files(irqbalance_t)
files_read_etc_runtime_files(irqbalance_t)

fs_getattr_all_fs(irqbalance_t)
fs_search_auto_mountpoints(irqbalance_t)

domain_use_interactive_fds(irqbalance_t)

logging_send_syslog_msg(irqbalance_t)

miscfiles_read_localization(irqbalance_t)

userdom_dontaudit_use_unpriv_user_fds(irqbalance_t)
userdom_dontaudit_search_user_home_dirs(irqbalance_t)

optional_policy(`
	seutil_sigchld_newrole(irqbalance_t)
')

optional_policy(`
	udev_read_db(irqbalance_t)
')
Commit	Line	Data
5d5ea8d0	1
29af4c13	2	policy_module(irqbalance, 1.5.0)
5d5ea8d0 CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
	8
	9	type irqbalance_t;
	10	type irqbalance_exec_t;
0bfccda4	11	init_daemon_domain(irqbalance_t, irqbalance_exec_t)
5d5ea8d0 CP	12
	13	type irqbalance_var_run_t;
	14	files_pid_file(irqbalance_var_run_t)
	15
	16	########################################
	17	#
	18	# Local policy
	19	#
	20
7d05af77	21	allow irqbalance_t self:capability { setpcap net_admin };
5d5ea8d0	22	dontaudit irqbalance_t self:capability sys_tty_config;
7d05af77 CP	23	allow irqbalance_t self:process { getcap setcap signal_perms };
7d05af77 CP	24	allow irqbalance_t self:udp_socket create_socket_perms;
5d5ea8d0	25
0bfccda4 CP	26	manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
0bfccda4 CP	27	files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, file)
5d5ea8d0	28
6b19be33	29	kernel_read_network_state(irqbalance_t)
5d5ea8d0	30	kernel_read_system_state(irqbalance_t)
445522dc CP	31	kernel_read_kernel_sysctls(irqbalance_t)
445522dc CP	32	kernel_rw_irq_sysctls(irqbalance_t)
5d5ea8d0 CP	33
	34	dev_read_sysfs(irqbalance_t)
	35
95501942 CP	36	files_read_etc_files(irqbalance_t)
	37	files_read_etc_runtime_files(irqbalance_t)
	38
5d5ea8d0 CP	39	fs_getattr_all_fs(irqbalance_t)
	40	fs_search_auto_mountpoints(irqbalance_t)
	41
15722ec9	42	domain_use_interactive_fds(irqbalance_t)
5d5ea8d0	43
5d5ea8d0 CP	44	logging_send_syslog_msg(irqbalance_t)
	45
	46	miscfiles_read_localization(irqbalance_t)
	47
15722ec9	48	userdom_dontaudit_use_unpriv_user_fds(irqbalance_t)
296273a7	49	userdom_dontaudit_search_user_home_dirs(irqbalance_t)
5d5ea8d0	50
bb7170f6	51	optional_policy(`
5d5ea8d0 CP	52	seutil_sigchld_newrole(irqbalance_t)
	53	')
	54
bb7170f6	55	optional_policy(`
5d5ea8d0 CP	56	udev_read_db(irqbalance_t)
5d5ea8d0 CP	57	')