[people/stevee/selinux-policy.git] / policy / modules / services / vhostmd.te

policy_module(vhostmd, 1.0.0)

########################################
#
# Declarations
#

type vhostmd_t;
type vhostmd_exec_t;
init_daemon_domain(vhostmd_t, vhostmd_exec_t)

type vhostmd_initrc_exec_t;
init_script_file(vhostmd_initrc_exec_t)

type vhostmd_tmpfs_t;
files_tmpfs_file(vhostmd_tmpfs_t)

type vhostmd_var_run_t;
files_pid_file(vhostmd_var_run_t)

########################################
#
# vhostmd local policy
#

allow vhostmd_t self:capability { dac_override ipc_lock	setuid setgid };
allow vhostmd_t self:process { setsched getsched };
allow vhostmd_t self:fifo_file rw_file_perms;

manage_dirs_pattern(vhostmd_t, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
manage_files_pattern(vhostmd_t, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
fs_tmpfs_filetrans(vhostmd_t, vhostmd_tmpfs_t, { file dir })

manage_dirs_pattern(vhostmd_t, vhostmd_var_run_t, vhostmd_var_run_t)
manage_files_pattern(vhostmd_t, vhostmd_var_run_t, vhostmd_var_run_t)
files_pid_filetrans(vhostmd_t, vhostmd_var_run_t, { file dir })

kernel_read_system_state(vhostmd_t)
kernel_read_network_state(vhostmd_t)
kernel_write_xen_state(vhostmd_t)

corecmd_exec_bin(vhostmd_t)
corecmd_exec_shell(vhostmd_t)

corenet_tcp_connect_soundd_port(vhostmd_t)

# 579803
files_list_tmp(vhostmd_t)
files_read_etc_files(vhostmd_t)
files_read_usr_files(vhostmd_t)

dev_read_sysfs(vhostmd_t)

auth_use_nsswitch(vhostmd_t)

logging_send_syslog_msg(vhostmd_t)

miscfiles_read_localization(vhostmd_t)

optional_policy(`
	hostname_exec(vhostmd_t)
')

optional_policy(`
	rpm_exec(vhostmd_t)
	rpm_read_db(vhostmd_t)
')

optional_policy(`
	virt_stream_connect(vhostmd_t)
	virt_write_content(vhostmd_t)
')

optional_policy(`
	xen_domtrans_xm(vhostmd_t)
	xen_stream_connect(vhostmd_t)
	xen_stream_connect_xenstore(vhostmd_t)
	xen_stream_connect_xm(vhostmd_t)
')
Commit	Line	Data
6d4dbd20 CP	1	policy_module(vhostmd, 1.0.0)
	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
	8	type vhostmd_t;
	9	type vhostmd_exec_t;
	10	init_daemon_domain(vhostmd_t, vhostmd_exec_t)
	11
	12	type vhostmd_initrc_exec_t;
	13	init_script_file(vhostmd_initrc_exec_t)
	14
	15	type vhostmd_tmpfs_t;
	16	files_tmpfs_file(vhostmd_tmpfs_t)
	17
	18	type vhostmd_var_run_t;
	19	files_pid_file(vhostmd_var_run_t)
	20
	21	########################################
	22	#
	23	# vhostmd local policy
	24	#
	25
	26	allow vhostmd_t self:capability { dac_override ipc_lock setuid setgid };
	27	allow vhostmd_t self:process { setsched getsched };
	28	allow vhostmd_t self:fifo_file rw_file_perms;
	29
	30	manage_dirs_pattern(vhostmd_t, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
	31	manage_files_pattern(vhostmd_t, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
	32	fs_tmpfs_filetrans(vhostmd_t, vhostmd_tmpfs_t, { file dir })
	33
	34	manage_dirs_pattern(vhostmd_t, vhostmd_var_run_t, vhostmd_var_run_t)
	35	manage_files_pattern(vhostmd_t, vhostmd_var_run_t, vhostmd_var_run_t)
	36	files_pid_filetrans(vhostmd_t, vhostmd_var_run_t, { file dir })
	37
	38	kernel_read_system_state(vhostmd_t)
	39	kernel_read_network_state(vhostmd_t)
	40	kernel_write_xen_state(vhostmd_t)
	41
	42	corecmd_exec_bin(vhostmd_t)
	43	corecmd_exec_shell(vhostmd_t)
	44
	45	corenet_tcp_connect_soundd_port(vhostmd_t)
	46
3eaa9939 DW	47	# 579803
3eaa9939 DW	48	files_list_tmp(vhostmd_t)
6d4dbd20 CP	49	files_read_etc_files(vhostmd_t)
	50	files_read_usr_files(vhostmd_t)
	51
	52	dev_read_sysfs(vhostmd_t)
	53
	54	auth_use_nsswitch(vhostmd_t)
	55
	56	logging_send_syslog_msg(vhostmd_t)
	57
	58	miscfiles_read_localization(vhostmd_t)
	59
	60	optional_policy(`
	61	hostname_exec(vhostmd_t)
	62	')
	63
	64	optional_policy(`
	65	rpm_exec(vhostmd_t)
	66	rpm_read_db(vhostmd_t)
	67	')
	68
	69	optional_policy(`
	70	virt_stream_connect(vhostmd_t)
3eaa9939	71	virt_write_content(vhostmd_t)
6d4dbd20 CP	72	')
	73
	74	optional_policy(`
	75	xen_domtrans_xm(vhostmd_t)
	76	xen_stream_connect(vhostmd_t)
	77	xen_stream_connect_xenstore(vhostmd_t)
	78	xen_stream_connect_xm(vhostmd_t)
	79	')