git.ipfire.org Git - people/stevee/selinux-policy.git/blame - policy/modules/system/iscsi.te
Merge upstream
Commit Line Data
# Module header and type declarations for the iscsid daemon policy.
# Everything the daemon may touch is given its own type here so the
# local policy further down can grant access per storage class.
29af4c13 1policy_module(iscsi, 1.7.0)
d9845ae9
CP
2
3########################################
4#
5# Declarations
6#
7
# iscsid_t is the process domain and iscsid_exec_t labels its entry-point
# executable; init_daemon_domain() sets up the transition from init into
# iscsid_t when that executable is started.
8type iscsid_t;
9type iscsid_exec_t;
10domain_type(iscsid_t)
11init_daemon_domain(iscsid_t, iscsid_exec_t)
12
# Private lock-file type.
13type iscsi_lock_t;
14files_lock_file(iscsi_lock_t)
15
30496b15
CP
# Private log-file type.
16type iscsi_log_t;
17logging_log_file(iscsi_log_t)
18
d9845ae9
CP
# Private temporary-file type.
19type iscsi_tmp_t;
20files_tmp_file(iscsi_tmp_t)
21
# Private state type; declared only as a generic file type (files_type).
22type iscsi_var_lib_t;
23files_type(iscsi_var_lib_t)
24
# Private pid/run-file type.
25type iscsi_var_run_t;
26files_pid_file(iscsi_var_run_t)
27
28########################################
29#
30# iscsid local policy
31#
32
# Permissions iscsid_t holds on itself: capabilities, process controls and
# the IPC/socket classes it may create.
# NOTE(review): dac_override and sys_admin are broad capabilities (sys_admin
# covers a wide range of privileged kernel operations), and net_admin/net_raw
# add network configuration and raw-socket rights. Confirm each one is still
# required by the daemon; a compromise of iscsid_t inherits all of them.
244b45d2 33allow iscsid_t self:capability { dac_override ipc_lock net_admin net_raw sys_admin sys_nice sys_resource };
# Process controls are limited to setrlimit, setsched and signal.
e0ed765c 34allow iscsid_t self:process { setrlimit setsched signal };
0b36a214 35allow iscsid_t self:fifo_file rw_fifo_file_perms;
d9845ae9
CP
# Local IPC: unix stream (including connectto on its own socket) and datagram
# sockets, SysV semaphores and shared memory.
36allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
37allow iscsid_t self:unix_dgram_socket create_socket_perms;
38allow iscsid_t self:sem create_sem_perms;
39allow iscsid_t self:shm create_shm_perms;
# Netlink: generic and kobject-uevent sockets may be created; the route
# socket only gets the rw_netlink_socket_perms set.
40allow iscsid_t self:netlink_socket create_socket_perms;
30496b15 41allow iscsid_t self:netlink_kobject_uevent_socket create_socket_perms;
d9845ae9
CP
42allow iscsid_t self:netlink_route_socket rw_netlink_socket_perms;
# TCP stream sockets; which ports may be used is decided by the corenet_*
# rules later in this file.
43allow iscsid_t self:tcp_socket create_stream_socket_perms;
44
# File access for iscsid_t: self-execution plus per-type rules for the
# private lock, log, tmp, state and pid/run types declared above.
30496b15
CP
# can_exec: iscsid_t may run iscsid_exec_t and stay in its own domain
# (no domain transition).
45can_exec(iscsid_t, iscsid_exec_t)
46
244b45d2
CP
# Lock files: full management, and files created in the lock directory are
# labelled iscsi_lock_t.
47manage_files_pattern(iscsid_t, iscsi_lock_t, iscsi_lock_t)
48files_lock_filetrans(iscsid_t, iscsi_lock_t, file)
d9845ae9 49
30496b15
CP
# Log files: full management, and files created in the log directory are
# labelled iscsi_log_t.
50manage_files_pattern(iscsid_t, iscsi_log_t, iscsi_log_t)
51logging_log_filetrans(iscsid_t, iscsi_log_t, file)
52
# Temporary objects: directories and files may be managed.
# NOTE(review): the type transition here is fs_tmpfs_filetrans, so it applies
# to objects created on tmpfs; iscsi_tmp_t is declared with files_tmp_file
# but no transition for the generic tmp directory is visible in this file.
# Confirm that is intended.
53manage_dirs_pattern(iscsid_t, iscsi_tmp_t, iscsi_tmp_t)
54manage_files_pattern(iscsid_t, iscsi_tmp_t, iscsi_tmp_t)
55fs_tmpfs_filetrans(iscsid_t, iscsi_tmp_t, { dir file } )
d9845ae9
CP
56
# State under iscsi_var_lib_t is read-only for the daemon: list directories,
# read files and read symlinks, with no write or create permission.
57allow iscsid_t iscsi_var_lib_t:dir list_dir_perms;
3f67f722
CP
58read_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t)
59read_lnk_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t)
d9845ae9
CP
60files_search_var_lib(iscsid_t)
61
3f67f722
CP
# Pid/run files: full management, and files created in the pid directory are
# labelled iscsi_var_run_t.
62manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t)
63files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
d9845ae9 64
# Kernel state and network access for iscsid_t.
# Read-only access to kernel network state and general system state.
30496b15 65kernel_read_network_state(iscsid_t)
eaed904c
CP
66kernel_read_system_state(iscsid_t)
67
19006686
CP
# Accept traffic that is unlabeled or labelled through NetLabel.
68corenet_all_recvfrom_unlabeled(iscsid_t)
69corenet_all_recvfrom_netlabel(iscsid_t)
# TCP send/receive on generic interfaces and nodes.
668b3093 70corenet_tcp_sendrecv_generic_if(iscsid_t)
c1262146 71corenet_tcp_sendrecv_generic_node(iscsid_t)
d9845ae9
CP
# Send/receive is allowed on all ports, while outbound connect is limited to
# the http, iscsi and isns port types.
# NOTE(review): the http connect permission is not obviously needed for iSCSI
# or iSNS traffic; confirm what depends on it before keeping it, since it
# widens where a compromised daemon can connect.
72corenet_tcp_sendrecv_all_ports(iscsid_t)
73corenet_tcp_connect_http_port(iscsid_t)
74corenet_tcp_connect_iscsi_port(iscsid_t)
e0ed765c 75corenet_tcp_connect_isns_port(iscsid_t)
d9845ae9
CP
76
# Device access for iscsid_t: read/write on sysfs and on userio devices.
77dev_rw_sysfs(iscsid_t)
30496b15 78dev_rw_userio_dev(iscsid_t)
# NOTE(review): the next two rules grant read and write access to raw memory
# device nodes (the memory_device_t type, e.g. /dev/mem). Write access to raw
# memory lets a process in iscsid_t alter kernel and other processes' memory,
# which undoes most of the confinement this module provides. The blame column
# attributes both lines to a different commit and author (3eaa9939, DW) than
# the surrounding rules. Confirm the requirement; if it cannot be dropped,
# narrow it or gate it behind a boolean, and audit use of the device.
3eaa9939
DW
79dev_read_raw_memory(iscsid_t)
80dev_write_raw_memory(iscsid_t)
d9845ae9
CP
81
# Remaining interface calls: inherited descriptors, configuration, name
# service, init scripts, logging, locale data and the optional tgtd hook.
82domain_use_interactive_fds(iscsid_t)
# dontaudit grants nothing: it only suppresses audit records when iscsid_t is
# denied reading other domains' state, so those denials will not show up in
# the audit log during an investigation unless dontaudit rules are disabled.
30496b15 83domain_dontaudit_read_all_domains_state(iscsid_t)
d9845ae9
CP
84
# Read-only access to generic files under /etc.
85files_read_etc_files(iscsid_t)
86
# Name-service lookups through nsswitch.
0f982dad 87auth_use_nsswitch(iscsid_t)
d9845ae9 88
30496b15
CP
# Connect to init scripts over a unix stream socket.
89init_stream_connect_script(iscsid_t)
90
# Send messages to syslog.
91logging_send_syslog_msg(iscsid_t)
92
# Read locale data.
0f982dad 93miscfiles_read_localization(iscsid_t)
30496b15
CP
94
# Applied only when the tgtd policy module is present; presumably lets
# iscsid_t manage semaphores owned by the tgtd domain (confirm against the
# tgtd interface definition).
95optional_policy(`
3b0a9c74 96 tgtd_manage_semaphores(iscsid_t)
30496b15 97')