[people/stevee/selinux-policy.git] / policy / modules / services / sysstat.te

policy_module(sysstat, 1.6.0)

########################################
#
# Declarations
#

type sysstat_t;
type sysstat_exec_t;
init_system_domain(sysstat_t, sysstat_exec_t)
role system_r types sysstat_t;

type sysstat_log_t;
logging_log_file(sysstat_log_t)

########################################
#
# Local policy
#

allow sysstat_t self:capability { dac_override sys_admin sys_resource sys_tty_config };
allow sysstat_t self:fifo_file rw_fifo_file_perms;

can_exec(sysstat_t, sysstat_exec_t)

manage_dirs_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
manage_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
manage_lnk_files_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })

# get info from /proc
kernel_read_system_state(sysstat_t)
kernel_read_network_state(sysstat_t)
kernel_read_kernel_sysctls(sysstat_t)
kernel_read_fs_sysctls(sysstat_t)
kernel_read_rpc_sysctls(sysstat_t)

corecmd_exec_bin(sysstat_t)

dev_read_urand(sysstat_t)
dev_read_sysfs(sysstat_t)

files_search_var(sysstat_t)
# for mtab
files_read_etc_runtime_files(sysstat_t)
#for fstab
files_read_etc_files(sysstat_t)

fs_getattr_xattr_fs(sysstat_t)
fs_list_inotifyfs(sysstat_t)

term_use_console(sysstat_t)
term_use_all_terms(sysstat_t)

init_use_fds(sysstat_t)

locallogin_use_fds(sysstat_t)

miscfiles_read_localization(sysstat_t)

userdom_dontaudit_list_user_home_dirs(sysstat_t)

optional_policy(`
	cron_system_entry(sysstat_t, sysstat_exec_t)
')

optional_policy(`
	logging_send_syslog_msg(sysstat_t)
')

optional_policy(`
	nscd_socket_use(sysstat_t)
')
Commit	Line	Data
29af4c13	1	policy_module(sysstat, 1.6.0)
0f73fdea CP	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
	8	type sysstat_t;
	9	type sysstat_exec_t;
0bfccda4	10	init_system_domain(sysstat_t, sysstat_exec_t)
0f73fdea CP	11	role system_r types sysstat_t;
	12
	13	type sysstat_log_t;
	14	logging_log_file(sysstat_log_t)
	15
	16	########################################
	17	#
	18	# Local policy
	19	#
	20
3eaa9939	21	allow sysstat_t self:capability { dac_override sys_admin sys_resource sys_tty_config };
c0868a7a	22	allow sysstat_t self:fifo_file rw_fifo_file_perms;
0f73fdea CP	23
	24	can_exec(sysstat_t, sysstat_exec_t)
	25
08d7c733	26	manage_dirs_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
0bfccda4	27	manage_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
08d7c733	28	manage_lnk_files_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
0bfccda4	29	logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
0f73fdea CP	30
	31	# get info from /proc
	32	kernel_read_system_state(sysstat_t)
	33	kernel_read_network_state(sysstat_t)
445522dc CP	34	kernel_read_kernel_sysctls(sysstat_t)
	35	kernel_read_fs_sysctls(sysstat_t)
	36	kernel_read_rpc_sysctls(sysstat_t)
0f73fdea	37
0f73fdea CP	38	corecmd_exec_bin(sysstat_t)
	39
	40	dev_read_urand(sysstat_t)
86b28c95	41	dev_read_sysfs(sysstat_t)
0f73fdea CP	42
	43	files_search_var(sysstat_t)
	44	# for mtab
	45	files_read_etc_runtime_files(sysstat_t)
	46	#for fstab
	47	files_read_etc_files(sysstat_t)
	48
	49	fs_getattr_xattr_fs(sysstat_t)
657c226c	50	fs_list_inotifyfs(sysstat_t)
0f73fdea	51
9667c156	52	term_use_console(sysstat_t)
a5e2133b	53	term_use_all_terms(sysstat_t)
0f73fdea	54
1c1ac67f	55	init_use_fds(sysstat_t)
0f73fdea	56
a5e2133b CP	57	locallogin_use_fds(sysstat_t)
a5e2133b CP	58
0f73fdea CP	59	miscfiles_read_localization(sysstat_t)
0f73fdea CP	60
296273a7	61	userdom_dontaudit_list_user_home_dirs(sysstat_t)
0f73fdea	62
bb7170f6	63	optional_policy(`
0bfccda4	64	cron_system_entry(sysstat_t, sysstat_exec_t)
0f73fdea CP	65	')
0f73fdea CP	66
bb7170f6	67	optional_policy(`
0f73fdea CP	68	logging_send_syslog_msg(sysstat_t)
0f73fdea CP	69	')
3eaa9939 DW	70
	71	optional_policy(`
	72	nscd_socket_use(sysstat_t)
	73	')