]>
Commit | Line | Data |
---|---|---|
9570b288 | 1 | policy_module(rshd, 1.7.0) |
545b0c91 CP |
2 | |
3 | ######################################## | |
4 | # | |
5 | # Declarations | |
6 | # | |
7 | type rshd_t; | |
8 | type rshd_exec_t; | |
8242f5a6 | 9 | inetd_tcp_service_domain(rshd_t, rshd_exec_t) |
1815bad1 CP |
10 | domain_subj_id_change_exemption(rshd_t) |
11 | domain_role_change_exemption(rshd_t) | |
545b0c91 CP |
12 | role system_r types rshd_t; |
13 | ||
14 | ######################################## | |
15 | # | |
16 | # Local policy | |
17 | # | |
01e9e7db | 18 | allow rshd_t self:capability { kill setuid setgid fowner fsetid chown dac_override }; |
545b0c91 | 19 | allow rshd_t self:process { signal_perms fork setsched setpgid setexec }; |
c0868a7a | 20 | allow rshd_t self:fifo_file rw_fifo_file_perms; |
545b0c91 CP |
21 | allow rshd_t self:tcp_socket create_stream_socket_perms; |
22 | ||
445522dc | 23 | kernel_read_kernel_sysctls(rshd_t) |
545b0c91 | 24 | |
19006686 CP |
25 | corenet_all_recvfrom_unlabeled(rshd_t) |
26 | corenet_all_recvfrom_netlabel(rshd_t) | |
09741b1f CP |
27 | corenet_tcp_sendrecv_generic_if(rshd_t) |
28 | corenet_udp_sendrecv_generic_if(rshd_t) | |
c1262146 CP |
29 | corenet_tcp_sendrecv_generic_node(rshd_t) |
30 | corenet_udp_sendrecv_generic_node(rshd_t) | |
545b0c91 | 31 | corenet_tcp_sendrecv_all_ports(rshd_t) |
09741b1f | 32 | corenet_udp_sendrecv_all_ports(rshd_t) |
c1262146 | 33 | corenet_tcp_bind_generic_node(rshd_t) |
0907bda1 | 34 | corenet_tcp_bind_rsh_port(rshd_t) |
01e9e7db CP |
35 | corenet_tcp_bind_all_rpc_ports(rshd_t) |
36 | corenet_tcp_connect_all_ports(rshd_t) | |
37 | corenet_tcp_connect_all_rpc_ports(rshd_t) | |
141cffdd | 38 | corenet_sendrecv_rsh_server_packets(rshd_t) |
545b0c91 CP |
39 | |
40 | dev_read_urand(rshd_t) | |
41 | ||
42 | selinux_get_fs_mount(rshd_t) | |
43 | selinux_validate_context(rshd_t) | |
44 | selinux_compute_access_vector(rshd_t) | |
45 | selinux_compute_create_context(rshd_t) | |
46 | selinux_compute_relabel_context(rshd_t) | |
47 | selinux_compute_user_contexts(rshd_t) | |
48 | ||
1815bad1 | 49 | corecmd_read_bin_symlinks(rshd_t) |
545b0c91 CP |
50 | |
51 | files_list_home(rshd_t) | |
52 | files_read_etc_files(rshd_t) | |
53 | files_search_tmp(rshd_t) | |
54 | ||
01e9e7db CP |
55 | auth_login_pgm_domain(rshd_t) |
56 | auth_write_login_records(rshd_t) | |
57 | ||
58 | init_rw_utmp(rshd_t) | |
09e21686 | 59 | |
09741b1f | 60 | logging_send_syslog_msg(rshd_t) |
01e9e7db | 61 | logging_search_logs(rshd_t) |
545b0c91 CP |
62 | |
63 | miscfiles_read_localization(rshd_t) | |
64 | ||
65 | seutil_read_config(rshd_t) | |
66 | seutil_read_default_contexts(rshd_t) | |
67 | ||
296273a7 | 68 | userdom_search_user_home_content(rshd_t) |
3eaa9939 | 69 | userdom_manage_tmp_role(system_r, rshd_t) |
545b0c91 | 70 | |
545b0c91 CP |
71 | tunable_policy(`use_nfs_home_dirs',` |
72 | fs_read_nfs_files(rshd_t) | |
73 | fs_read_nfs_symlinks(rshd_t) | |
74 | ') | |
75 | ||
76 | tunable_policy(`use_samba_home_dirs',` | |
725926c5 CP |
77 | fs_read_cifs_files(rshd_t) |
78 | fs_read_cifs_symlinks(rshd_t) | |
545b0c91 CP |
79 | ') |
80 | ||
bb7170f6 | 81 | optional_policy(` |
01e9e7db CP |
82 | kerberos_keytab_template(rshd, rshd_t) |
83 | kerberos_manage_host_rcache(rshd_t) | |
545b0c91 CP |
84 | ') |
85 | ||
45515556 CP |
86 | optional_policy(` |
87 | rlogin_read_home_content(rshd_t) | |
88 | ') | |
89 | ||
bb7170f6 | 90 | optional_policy(` |
0bfccda4 | 91 | tcpd_wrapped_domain(rshd_t, rshd_exec_t) |
545b0c91 | 92 | ') |
350b6ab7 CP |
93 | |
94 | optional_policy(` | |
95 | unconfined_shell_domtrans(rshd_t) | |
01e9e7db | 96 | unconfined_signal(rshd_t) |
350b6ab7 | 97 | ') |