git.ipfire.org Git - people/stevee/selinux-policy.git/blob - policy/modules/system/hostname.te
trunk: bump module versions for release.
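
policy_module(hostname, 1.6.0)

# Policy module for the hostname utility. The process runs in hostname_t,
# which is entered through executables labeled hostname_exec_t.

########################################
#
# Declarations
#

# hostname_t is the process domain; hostname_exec_t labels its entry point.
type hostname_t;
type hostname_exec_t;
# Register the pair as a system domain started from init and its scripts.
init_system_domain(hostname_t,hostname_exec_t)
# Authorize the domain type for the system role.
role system_r types hostname_t;

########################################
#
# Local policy
#

# for setting the hostname
allow hostname_t self:process { sigchld sigkill sigstop signull signal };
# sethostname(2) is gated by CAP_SYS_ADMIN. That capability is coarse and
# covers many unrelated privileged operations, so the remaining grants in
# this domain should be kept as narrow as possible.
allow hostname_t self:capability sys_admin;
allow hostname_t self:unix_stream_socket create_stream_socket_perms;
# dontaudit grants nothing: the access stays denied and only the AVC denial
# message is suppressed. Rebuild the policy with dontaudit rules disabled
# (semodule -DB) when investigating unexpected failures in this domain.
dontaudit hostname_t self:capability sys_tty_config;

# Read-only views of kernel and device state.
kernel_list_proc(hostname_t)
kernel_read_proc_symlinks(hostname_t)

dev_read_sysfs(hostname_t)

fs_getattr_xattr_fs(hostname_t)
fs_search_auto_mountpoints(hostname_t)
fs_dontaudit_use_tmpfs_chr_dev(hostname_t)

# Terminal access so output reaches the terminal of the invoking user.
# NOTE(review): access to all user ttys and ptys is broad for a domain that
# also holds sys_admin; confirm whether inherited descriptors would suffice.
term_dontaudit_use_console(hostname_t)
term_use_all_user_ttys(hostname_t)
term_use_all_user_ptys(hostname_t)

# Use file descriptors and ptys inherited from init and its scripts.
init_use_fds(hostname_t)
init_use_script_fds(hostname_t)
init_use_script_ptys(hostname_t)

domain_use_interactive_fds(hostname_t)

files_read_etc_files(hostname_t)
files_dontaudit_search_var(hostname_t)
# for when /usr is not mounted:
files_dontaudit_search_isid_type_dirs(hostname_t)

logging_send_syslog_msg(hostname_t)

miscfiles_read_localization(hostname_t)

# Network configuration reads plus DNS lookups, presumably so the fully
# qualified name can be resolved. The DNS interface is what gives this
# domain network access, so review it together with sys_admin above.
sysnet_read_config(hostname_t)
sysnet_dns_name_resolve(hostname_t)

# Xen integration, applied only when the xen module is present. The
# log-append rule used to be repeated in a second optional block; a repeated
# rule adds nothing to the compiled policy, so a single copy is kept.
optional_policy(`
	xen_append_log(hostname_t)
	xen_dontaudit_use_fds(hostname_t)
')

# Silence denials on pipes inherited from unconfined callers; no access
# is granted by this rule.
optional_policy(`
	unconfined_dontaudit_rw_pipes(hostname_t)
')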