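policy_module(tgtd, 1.1.0)

########################################
#
# TGTD personal declarations.
#

# Every type used below must be declared in this module before an
# interface or allow rule refers to it. The declarations for tgtd_t,
# tgtd_exec_t, tgtd_tmp_t, tgtd_tmpfs_t and tgtd_var_lib_t are added
# here, following the existing tgtd_initrc_exec_t pattern.

# Domain the daemon runs in and the label of its executable.
# init_daemon_domain() sets up the transition from init into tgtd_t
# when a file labeled tgtd_exec_t is executed.
type tgtd_t;
type tgtd_exec_t;
init_daemon_domain(tgtd_t, tgtd_exec_t)

# Label for the init script that starts and stops the daemon.
type tgtd_initrc_exec_t;
init_script_file(tgtd_initrc_exec_t)

# Private type for objects the daemon creates in the temporary directory.
type tgtd_tmp_t;
files_tmp_file(tgtd_tmp_t)

# Private type for objects the daemon creates on tmpfs.
type tgtd_tmpfs_t;
files_tmpfs_file(tgtd_tmpfs_t)

# Private type for persistent daemon state.
type tgtd_var_lib_t;
files_type(tgtd_var_lib_t)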
########################################
#
# TGTD personal policy.
#

# Rules on the domain's own objects. Each one widens what a compromised
# tgtd process could do, so review them against what the daemon needs.

# Capabilities and process controls.
# sys_resource lets the process exceed resource limits; setrlimit lets
# it change its own limits. Only sys_resource is granted here.
allow tgtd_t self:capability sys_resource;
allow tgtd_t self:process { setrlimit signal };

# Local IPC: pipes, System V shared memory and semaphores.
allow tgtd_t self:fifo_file rw_fifo_file_perms;
allow tgtd_t self:shm create_shm_perms;
allow tgtd_t self:sem create_sem_perms;

# Sockets owned by the daemon.
# The routing netlink socket gets nlmsg_read but not nlmsg_write, so the
# domain can query routing/interface state but is not granted the
# permission to change it.
allow tgtd_t self:netlink_route_socket { create_socket_perms nlmsg_read };
allow tgtd_t self:tcp_socket create_stream_socket_perms;
allow tgtd_t self:udp_socket create_socket_perms;
allow tgtd_t self:unix_dgram_socket create_socket_perms;
# Private file objects. Each group pairs a manage_* pattern (what tgtd_t
# may do to its own type) with a *_filetrans rule (new objects created in
# the shared parent directory get the private type, not the parent's).

# Temporary directory: socket files only. The transition is limited to
# sock_file, so any other object class tgtd_t creates there would not
# be relabeled to tgtd_tmp_t by this rule.
manage_sock_files_pattern(tgtd_t, tgtd_tmp_t, tgtd_tmp_t)
files_tmp_filetrans(tgtd_t, tgtd_tmp_t, sock_file)

# tmpfs: regular files only.
manage_files_pattern(tgtd_t, tgtd_tmpfs_t, tgtd_tmpfs_t)
fs_tmpfs_filetrans(tgtd_t, tgtd_tmpfs_t, file)

# Persistent state: directories and regular files.
manage_dirs_pattern(tgtd_t, tgtd_var_lib_t, tgtd_var_lib_t)
manage_files_pattern(tgtd_t, tgtd_var_lib_t, tgtd_var_lib_t)
files_var_lib_filetrans(tgtd_t, tgtd_var_lib_t, { dir file })
# Access to types owned by other modules, granted through their
# interfaces. The exact rules behind each call live in the providing
# module's .if file; check them in the policy tree you build against.

# Kernel: read-only view of the filesystem sysctls.
kernel_read_fs_sysctls(tgtd_t)

# Network: the daemon is an iSCSI target, so it binds to and serves on
# the port type the corenetwork module labels as iSCSI.
# NOTE(review): the generic_if/generic_node calls and the two
# recvfrom rules below do not restrict which interface, local address or
# peer label traffic may use. Where labeled networking is deployed,
# confirm that accepting unlabeled packets is intended for this domain.
corenet_all_recvfrom_netlabel(tgtd_t)
corenet_all_recvfrom_unlabeled(tgtd_t)
corenet_tcp_sendrecv_generic_if(tgtd_t)
corenet_tcp_sendrecv_generic_node(tgtd_t)
corenet_tcp_sendrecv_iscsi_port(tgtd_t)
corenet_tcp_bind_generic_node(tgtd_t)
corenet_tcp_bind_iscsi_port(tgtd_t)
corenet_sendrecv_iscsi_server_packets(tgtd_t)

# Devices and files: search sysfs, read generic /etc content, read
# anonymous-inode files.
dev_search_sysfs(tgtd_t)

files_read_etc_files(tgtd_t)

fs_read_anon_inodefs_files(tgtd_t)

# NOTE(review): this is the widest grant in the module. Managing fixed
# disk device nodes presumably includes raw read/write to the block
# devices - verify in the storage module's interface file. Raw device
# access is not mediated by the labels of files stored on those disks,
# so a compromised tgtd_t could read or alter data that file-level
# policy otherwise protects. The daemon needs block-device access to
# export LUNs; if the backing stores can be given a dedicated type, a
# narrower grant would shrink that exposure.
storage_manage_fixed_disk(tgtd_t)

# Logging and locale data.
logging_send_syslog_msg(tgtd_t)

miscfiles_read_localization(tgtd_t)

# Semaphores owned by the iscsi module's domain (cross-domain IPC).
iscsi_manage_semaphores(tgtd_t)