[people/stevee/selinux-policy.git] / policy / modules / services / pxe.te

policy_module(pxe, 1.4.0)

# cjp: policy seems incomplete

########################################
#
# Declarations
#

type pxe_t;
type pxe_exec_t;
init_daemon_domain(pxe_t, pxe_exec_t)

type pxe_log_t;
logging_log_file(pxe_log_t)

type pxe_var_run_t;
files_pid_file(pxe_var_run_t)

########################################
#
# Local policy
#

allow pxe_t self:capability { chown setgid setuid };
dontaudit pxe_t self:capability sys_tty_config;
allow pxe_t self:process signal_perms;

allow pxe_t pxe_log_t:file manage_file_perms;
logging_log_filetrans(pxe_t, pxe_log_t, file)

manage_files_pattern(pxe_t, pxe_var_run_t, pxe_var_run_t)
files_pid_filetrans(pxe_t, pxe_var_run_t, file)

kernel_read_kernel_sysctls(pxe_t)
kernel_list_proc(pxe_t)
kernel_read_proc_symlinks(pxe_t)

corenet_udp_bind_pxe_port(pxe_t)

dev_read_sysfs(pxe_t)

domain_use_interactive_fds(pxe_t)

files_read_etc_files(pxe_t)

fs_getattr_all_fs(pxe_t)
fs_search_auto_mountpoints(pxe_t)

logging_send_syslog_msg(pxe_t)

miscfiles_read_localization(pxe_t)

userdom_dontaudit_use_unpriv_user_fds(pxe_t)
userdom_dontaudit_search_user_home_dirs(pxe_t)

optional_policy(`
	seutil_sigchld_newrole(pxe_t)
')

optional_policy(`
	udev_read_db(pxe_t)
')
Commit	Line	Data
17ec8c1f	1	policy_module(pxe, 1.4.0)
3411c3c3 CP	2
	3	# cjp: policy seems incomplete
	4
	5	########################################
	6	#
	7	# Declarations
	8	#
	9
	10	type pxe_t;
	11	type pxe_exec_t;
0bfccda4	12	init_daemon_domain(pxe_t, pxe_exec_t)
3411c3c3 CP	13
	14	type pxe_log_t;
	15	logging_log_file(pxe_log_t)
	16
	17	type pxe_var_run_t;
	18	files_pid_file(pxe_var_run_t)
	19
	20	########################################
	21	#
	22	# Local policy
	23	#
	24
	25	allow pxe_t self:capability { chown setgid setuid };
	26	dontaudit pxe_t self:capability sys_tty_config;
	27	allow pxe_t self:process signal_perms;
	28
c0868a7a	29	allow pxe_t pxe_log_t:file manage_file_perms;
0bfccda4	30	logging_log_filetrans(pxe_t, pxe_log_t, file)
3411c3c3	31
0bfccda4 CP	32	manage_files_pattern(pxe_t, pxe_var_run_t, pxe_var_run_t)
0bfccda4 CP	33	files_pid_filetrans(pxe_t, pxe_var_run_t, file)
3411c3c3 CP	34
	35	kernel_read_kernel_sysctls(pxe_t)
	36	kernel_list_proc(pxe_t)
	37	kernel_read_proc_symlinks(pxe_t)
	38
	39	corenet_udp_bind_pxe_port(pxe_t)
	40
	41	dev_read_sysfs(pxe_t)
	42
	43	domain_use_interactive_fds(pxe_t)
	44
	45	files_read_etc_files(pxe_t)
	46
	47	fs_getattr_all_fs(pxe_t)
	48	fs_search_auto_mountpoints(pxe_t)
	49
3411c3c3 CP	50	logging_send_syslog_msg(pxe_t)
	51
	52	miscfiles_read_localization(pxe_t)
	53
	54	userdom_dontaudit_use_unpriv_user_fds(pxe_t)
296273a7	55	userdom_dontaudit_search_user_home_dirs(pxe_t)
3411c3c3	56
3411c3c3 CP	57	optional_policy(`
	58	seutil_sigchld_newrole(pxe_t)
	59	')
	60
	61	optional_policy(`
	62	udev_read_db(pxe_t)
	63	')