policy/modules/admin/dmesg.te

   1 policy_module(dmesg, 1.3.0)
   2
   3 ########################################
   4 #
   5 # Declarations
   6 #
   7
   8 type dmesg_t;
   9 type dmesg_exec_t;
  10 init_system_domain(dmesg_t, dmesg_exec_t)
  11
  12 ########################################
  13 #
  14 # Local policy
  15 #
  16
  17 allow dmesg_t self:capability sys_admin;
  18 dontaudit dmesg_t self:capability sys_tty_config;
  19
  20 allow dmesg_t self:process signal_perms;
  21
  22 kernel_read_kernel_sysctls(dmesg_t)
  23 kernel_read_ring_buffer(dmesg_t)
  24 kernel_clear_ring_buffer(dmesg_t)
  25 kernel_change_ring_buffer_level(dmesg_t)
  26 kernel_list_proc(dmesg_t)
  27 kernel_read_proc_symlinks(dmesg_t)
  28
  29 dev_read_sysfs(dmesg_t)
  30
  31 fs_search_auto_mountpoints(dmesg_t)
  32
  33 term_dontaudit_use_console(dmesg_t)
  34
  35 domain_use_interactive_fds(dmesg_t)
  36
  37 files_list_etc(dmesg_t)
  38 # for when /usr is not mounted:
  39 files_dontaudit_search_isid_type_dirs(dmesg_t)
  40
  41 init_use_fds(dmesg_t)
  42 init_use_script_ptys(dmesg_t)
  43
  44 logging_send_syslog_msg(dmesg_t)
  45 logging_write_generic_logs(dmesg_t)
  46
  47 miscfiles_read_localization(dmesg_t)
  48
  49 userdom_dontaudit_use_unpriv_user_fds(dmesg_t)
  50 userdom_use_user_terminals(dmesg_t)
  51
  52 optional_policy(`
  53         abrt_cache_append(dmesg_t)
  54         abrt_rw_fifo_file(dmesg_t)
  55         abrt_manage_pid_files(dmesg_t)
  56 ')
  57
  58 optional_policy(`
  59         seutil_sigchld_newrole(dmesg_t)
  60 ')
  61
  62 optional_policy(`
  63         udev_read_db(dmesg_t)
  64 ')