]> git.ipfire.org Git - people/stevee/selinux-policy.git/blame - policy/modules/services/vdagent.te
Allow munin services plugins to use NSCD services
[people/stevee/selinux-policy.git] / policy / modules / services / vdagent.te
CommitLineData
b82eab39
DW
1policy_module(vdagent,1.0.0)
2
3########################################
4#
5# Declarations
6#
7
8type vdagent_t;
9type vdagent_exec_t;
461fd347
MG
10init_daemon_domain(vdagent_t, vdagent_exec_t)
11
b82eab39
DW
12type vdagent_var_run_t;
13files_pid_file(vdagent_var_run_t)
14
461fd347
MG
15type vdagent_log_t;
16logging_log_file(vdagent_log_t)
b82eab39
DW
17
18########################################
19#
20# vdagent local policy
21#
b82eab39 22
207a7fc4
MG
23dontaudit vdagent_t self:capability sys_admin;
24
b82eab39
DW
25allow vdagent_t self:fifo_file rw_fifo_file_perms;
26allow vdagent_t self:unix_stream_socket create_stream_socket_perms;
27
b82eab39 28manage_dirs_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
461fd347 29manage_files_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
b82eab39 30manage_sock_files_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
461fd347
MG
31files_pid_filetrans(vdagent_t, vdagent_var_run_t, { dir file sock_file })
32
33manage_dirs_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
34manage_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
35logging_log_filetrans(vdagent_t, vdagent_log_t, { file })
b82eab39 36
461fd347 37dev_rw_input_dev(vdagent_t)
207a7fc4
MG
38dev_read_sysfs(vdagent_t)
39dev_dontaudit_write_mtrr(vdagent_t)
40
41files_read_etc_files(vdagent_t)
b82eab39 42
461fd347 43term_use_virtio_console(vdagent_t)
b82eab39
DW
44
45miscfiles_read_localization(vdagent_t)
46
461fd347
MG
47optional_policy(`
48 consolekit_dbus_chat(vdagent_t)
49')
50
51optional_policy(`
52 dbus_system_bus_client(vdagent_t)
53')
54