[people/stevee/selinux-policy.git] / policy / modules / services / sysstat.te


policy_module(sysstat, 1.6.0)

########################################
#
# Declarations
#

type sysstat_t;
type sysstat_exec_t;
init_system_domain(sysstat_t, sysstat_exec_t)
role system_r types sysstat_t;

type sysstat_log_t;
logging_log_file(sysstat_log_t)

########################################
#
# Local policy
#

allow sysstat_t self:capability { dac_override sys_resource sys_tty_config };
dontaudit sysstat_t self:capability sys_admin;
allow sysstat_t self:fifo_file rw_fifo_file_perms;

can_exec(sysstat_t, sysstat_exec_t)

manage_dirs_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
manage_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
manage_lnk_files_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })

# get info from /proc
kernel_read_system_state(sysstat_t)
kernel_read_network_state(sysstat_t)
kernel_read_kernel_sysctls(sysstat_t)
kernel_read_fs_sysctls(sysstat_t)
kernel_read_rpc_sysctls(sysstat_t)

corecmd_exec_bin(sysstat_t)

dev_read_urand(sysstat_t)
dev_read_sysfs(sysstat_t)

files_search_var(sysstat_t)
# for mtab
files_read_etc_runtime_files(sysstat_t)
#for fstab
files_read_etc_files(sysstat_t)

fs_getattr_xattr_fs(sysstat_t)
fs_list_inotifyfs(sysstat_t)

term_use_console(sysstat_t)
term_use_all_terms(sysstat_t)

init_use_fds(sysstat_t)

locallogin_use_fds(sysstat_t)

miscfiles_read_localization(sysstat_t)

userdom_dontaudit_list_user_home_dirs(sysstat_t)

optional_policy(`
	cron_system_entry(sysstat_t, sysstat_exec_t)
')

optional_policy(`
	logging_send_syslog_msg(sysstat_t)
')
Commit	Line	Data
0f73fdea	1
29af4c13	2	policy_module(sysstat, 1.6.0)
0f73fdea CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
	8
	9	type sysstat_t;
	10	type sysstat_exec_t;
0bfccda4	11	init_system_domain(sysstat_t, sysstat_exec_t)
0f73fdea CP	12	role system_r types sysstat_t;
	13
	14	type sysstat_log_t;
	15	logging_log_file(sysstat_log_t)
	16
	17	########################################
	18	#
	19	# Local policy
	20	#
	21
08d7c733	22	allow sysstat_t self:capability { dac_override sys_resource sys_tty_config };
0f73fdea	23	dontaudit sysstat_t self:capability sys_admin;
c0868a7a	24	allow sysstat_t self:fifo_file rw_fifo_file_perms;
0f73fdea CP	25
	26	can_exec(sysstat_t, sysstat_exec_t)
	27
08d7c733	28	manage_dirs_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
0bfccda4	29	manage_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
08d7c733	30	manage_lnk_files_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
0bfccda4	31	logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
0f73fdea CP	32
	33	# get info from /proc
	34	kernel_read_system_state(sysstat_t)
	35	kernel_read_network_state(sysstat_t)
445522dc CP	36	kernel_read_kernel_sysctls(sysstat_t)
	37	kernel_read_fs_sysctls(sysstat_t)
	38	kernel_read_rpc_sysctls(sysstat_t)
0f73fdea	39
0f73fdea CP	40	corecmd_exec_bin(sysstat_t)
	41
	42	dev_read_urand(sysstat_t)
86b28c95	43	dev_read_sysfs(sysstat_t)
0f73fdea CP	44
	45	files_search_var(sysstat_t)
	46	# for mtab
	47	files_read_etc_runtime_files(sysstat_t)
	48	#for fstab
	49	files_read_etc_files(sysstat_t)
	50
	51	fs_getattr_xattr_fs(sysstat_t)
657c226c	52	fs_list_inotifyfs(sysstat_t)
0f73fdea	53
9667c156	54	term_use_console(sysstat_t)
a5e2133b	55	term_use_all_terms(sysstat_t)
0f73fdea	56
1c1ac67f	57	init_use_fds(sysstat_t)
0f73fdea	58
a5e2133b CP	59	locallogin_use_fds(sysstat_t)
a5e2133b CP	60
0f73fdea CP	61	miscfiles_read_localization(sysstat_t)
0f73fdea CP	62
296273a7	63	userdom_dontaudit_list_user_home_dirs(sysstat_t)
0f73fdea	64
bb7170f6	65	optional_policy(`
0bfccda4	66	cron_system_entry(sysstat_t, sysstat_exec_t)
0f73fdea CP	67	')
0f73fdea CP	68
bb7170f6	69	optional_policy(`
0f73fdea CP	70	logging_send_syslog_msg(sysstat_t)
0f73fdea CP	71	')