Commit | Line | Data |
---|---|---|
# Module header and type declarations for the vdagent policy module.
# Nothing in this section grants access by itself; it only names the types
# that the local policy rules refer to.
b82eab39 DW |
1 | policy_module(vdagent,1.0.0) |
2 | ||
3 | ######################################## | |
4 | # | |
5 | # Declarations | |
6 | # | |
7 | ||
# vdagent_t is the process domain and vdagent_exec_t labels its entry-point
# executable. init_daemon_domain() sets the pair up as a daemon started by
# init, so the process leaves the init domain when that executable is run.
# NOTE(review): the file-context entries that assign vdagent_exec_t to a
# binary are not on this page; confinement depends on that label being applied.
8 | type vdagent_t; | |
9 | type vdagent_exec_t; | |
461fd347 MG |
10 | init_daemon_domain(vdagent_t, vdagent_exec_t) |
11 | ||
# Private type for the daemon's runtime (pid directory) objects.
b82eab39 DW |
12 | type vdagent_var_run_t; |
13 | files_pid_file(vdagent_var_run_t) | |
14 | ||
# Private type for the daemon's log files.
461fd347 MG |
15 | type vdagent_log_t; |
16 | logging_log_file(vdagent_log_t) | |
b82eab39 DW |
17 | |
18 | ######################################## | |
19 | # | |
20 | # vdagent local policy | |
21 | # | |
b82eab39 | 22 | |
# dontaudit does not grant CAP_SYS_ADMIN: the request is still denied, only the
# AVC denial record is suppressed. The cost is visibility. When debugging or
# investigating this domain, rebuild the policy with dontaudit rules disabled
# (semodule -DB) so the hidden denials appear in the audit log.
207a7fc4 MG |
23 | dontaudit vdagent_t self:capability sys_admin; |
24 | ||
# Self-directed IPC only: the domain's own pipes and UNIX stream sockets.
b82eab39 DW |
25 | allow vdagent_t self:fifo_file rw_fifo_file_perms; |
26 | allow vdagent_t self:unix_stream_socket create_stream_socket_perms; | |
27 | ||
# Full management (create/read/write/delete) of directories, files and socket
# files carrying the daemon's private runtime type. The filetrans rule makes
# objects of those three classes created in the pid directory get
# vdagent_var_run_t automatically instead of the parent's generic label.
# NOTE(review): which other domains may connect to the socket file created
# here is decided by interfaces not shown on this page.
b82eab39 | 28 | manage_dirs_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t) |
461fd347 | 29 | manage_files_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t) |
b82eab39 | 30 | manage_sock_files_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t) |
461fd347 MG |
31 | files_pid_filetrans(vdagent_t, vdagent_var_run_t, { dir file sock_file }) |
32 | ||
# Same pattern for logs. The domain can manage only objects labelled
# vdagent_log_t, so it cannot alter other services' logs through these rules.
# NOTE(review): the transition covers only the file class, while directory
# management is also granted; a log directory would presumably need its label
# from file contexts. Confirm against the module's .fc file.
33 | manage_dirs_pattern(vdagent_t, vdagent_log_t, vdagent_log_t) | |
34 | manage_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t) | |
35 | logging_log_filetrans(vdagent_t, vdagent_log_t, { file }) | |
b82eab39 | 36 | |
# Read/write access to input event devices is the broadest grant in this
# module. Those devices carry keyboard and pointer events, so a compromised
# vdagent_t process could both observe and inject input.
# NOTE(review): presumably required for the agent's pointer/keyboard handling.
# Confirm that write access is needed and that no narrower device type fits.
461fd347 | 37 | dev_rw_input_dev(vdagent_t) |
# sysfs is read-only here. The mtrr rule is a dontaudit: writes to the MTRR
# device stay denied and are simply not logged.
207a7fc4 MG |
38 | dev_read_sysfs(vdagent_t) |
39 | dev_dontaudit_write_mtrr(vdagent_t) | |
40 | ||
# Read-only access to generic /etc files.
41 | files_read_etc_files(vdagent_t) | |
b82eab39 | 42 | |
# Read/write on the virtio console device.
# NOTE(review): this looks like the channel to the hypervisor side. If so,
# data arriving on it crosses a trust boundary and should be treated as
# untrusted input by the daemon. Confirm.
461fd347 | 43 | term_use_virtio_console(vdagent_t) |
b82eab39 DW |
44 | |
# Read-only access to locale data.
45 | miscfiles_read_localization(vdagent_t) | |
46 | ||
# optional_policy blocks take effect only when the module providing the named
# interface is present in the loaded policy; otherwise they are skipped.
# This one allows D-Bus message exchange between vdagent_t and ConsoleKit.
461fd347 MG |
47 | optional_policy(` |
48 | consolekit_dbus_chat(vdagent_t) | |
49 | ') | |
50 | ||
# Lets vdagent_t act as a client of the system message bus. Which services it
# may talk to over the bus is limited by the *_dbus_chat rules (only the
# ConsoleKit one is visible on this page).
51 | optional_policy(` | |
52 | dbus_system_bus_client(vdagent_t) | |
53 | ') | |
54 |