]>
Commit | Line | Data |
---|---|---|
17ec8c1f | 1 | policy_module(pxe, 1.4.0) |
3411c3c3 CP |
2 | |
3 | # cjp: policy seems incomplete | |
4 | ||
5 | ######################################## | |
6 | # | |
7 | # Declarations | |
8 | # | |
9 | ||
10 | type pxe_t; | |
11 | type pxe_exec_t; | |
0bfccda4 | 12 | init_daemon_domain(pxe_t, pxe_exec_t) |
3411c3c3 CP |
13 | |
14 | type pxe_log_t; | |
15 | logging_log_file(pxe_log_t) | |
16 | ||
17 | type pxe_var_run_t; | |
18 | files_pid_file(pxe_var_run_t) | |
19 | ||
20 | ######################################## | |
21 | # | |
22 | # Local policy | |
23 | # | |
24 | ||
25 | allow pxe_t self:capability { chown setgid setuid }; | |
26 | dontaudit pxe_t self:capability sys_tty_config; | |
27 | allow pxe_t self:process signal_perms; | |
28 | ||
c0868a7a | 29 | allow pxe_t pxe_log_t:file manage_file_perms; |
0bfccda4 | 30 | logging_log_filetrans(pxe_t, pxe_log_t, file) |
3411c3c3 | 31 | |
0bfccda4 CP |
32 | manage_files_pattern(pxe_t, pxe_var_run_t, pxe_var_run_t) |
33 | files_pid_filetrans(pxe_t, pxe_var_run_t, file) | |
3411c3c3 CP |
34 | |
35 | kernel_read_kernel_sysctls(pxe_t) | |
36 | kernel_list_proc(pxe_t) | |
37 | kernel_read_proc_symlinks(pxe_t) | |
38 | ||
39 | corenet_udp_bind_pxe_port(pxe_t) | |
40 | ||
41 | dev_read_sysfs(pxe_t) | |
42 | ||
43 | domain_use_interactive_fds(pxe_t) | |
44 | ||
45 | files_read_etc_files(pxe_t) | |
46 | ||
47 | fs_getattr_all_fs(pxe_t) | |
48 | fs_search_auto_mountpoints(pxe_t) | |
49 | ||
3411c3c3 CP |
50 | logging_send_syslog_msg(pxe_t) |
51 | ||
52 | miscfiles_read_localization(pxe_t) | |
53 | ||
54 | userdom_dontaudit_use_unpriv_user_fds(pxe_t) | |
296273a7 | 55 | userdom_dontaudit_search_user_home_dirs(pxe_t) |
3411c3c3 | 56 | |
3411c3c3 CP |
57 | optional_policy(` |
58 | seutil_sigchld_newrole(pxe_t) | |
59 | ') | |
60 | ||
61 | optional_policy(` | |
62 | udev_read_db(pxe_t) | |
63 | ') |