2 policy_module(hostname, 1.6.0)
4 ########################################
11 init_system_domain(hostname_t,hostname_exec_t)
12 role system_r types hostname_t;
14 ########################################
19 # for setting the hostname
20 allow hostname_t self:process { sigchld sigkill sigstop signull signal };
21 allow hostname_t self:capability sys_admin;
22 allow hostname_t self:unix_stream_socket create_stream_socket_perms;
23 dontaudit hostname_t self:capability sys_tty_config;
25 kernel_list_proc(hostname_t)
26 kernel_read_proc_symlinks(hostname_t)
28 dev_read_sysfs(hostname_t)
30 fs_getattr_xattr_fs(hostname_t)
31 fs_search_auto_mountpoints(hostname_t)
32 fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
34 term_dontaudit_use_console(hostname_t)
35 term_use_all_user_ttys(hostname_t)
36 term_use_all_user_ptys(hostname_t)
38 init_use_fds(hostname_t)
39 init_use_script_fds(hostname_t)
40 init_use_script_ptys(hostname_t)
42 domain_use_interactive_fds(hostname_t)
44 files_read_etc_files(hostname_t)
45 files_dontaudit_search_var(hostname_t)
46 # for when /usr is not mounted:
47 files_dontaudit_search_isid_type_dirs(hostname_t)
49 logging_send_syslog_msg(hostname_t)
51 miscfiles_read_localization(hostname_t)
53 sysnet_read_config(hostname_t)
54 sysnet_dns_name_resolve(hostname_t)
57 xen_append_log(hostname_t)
58 xen_dontaudit_use_fds(hostname_t)
62 xen_append_log(hostname_t)
66 unconfined_dontaudit_rw_pipes(hostname_t)