# Type-enforcement source for the confined domain of the hostname utility.
# NOTE(review): the leading numbers are the listing's own gutter. Gutter lines 3-9
# are not shown, so the hostname_t / hostname_exec_t type declarations are
# presumably there -- confirm against the full file.
1 policy_module(hostname, 1.7.0)
2 ########################################
# Sets hostname_t up as an init-started domain with hostname_exec_t as its
# entrypoint type. The exact rules come from the init module's interface,
# which is not shown here.
10 init_system_domain(hostname_t, hostname_exec_t)
# Authorises the system_r role to run processes in hostname_t.
11 role system_r types hostname_t;
# Rules that hostname_t holds over itself (source and target are the same domain).
13 ########################################
18 # for setting the hostname
# Signal permissions a process needs towards itself and its own children.
19 allow hostname_t self:process { sigchld sigkill sigstop signull signal };
# sethostname(2) requires CAP_SYS_ADMIN. This is the broadest grant in the module:
# the capability covers many privileged operations besides sethostname, so the
# confinement depends on the remaining rules not granting the object access that
# those other operations need. Review any added allow rule with that in mind.
20 allow hostname_t self:capability sys_admin;
21 allow hostname_t self:unix_stream_socket create_stream_socket_perms;
# sys_tty_config stays denied; dontaudit only suppresses the AVC record.
# When investigating this domain, rebuild with dontaudit rules disabled
# (semodule -DB) so that suppressed denials become visible.
22 dontaudit hostname_t self:capability sys_tty_config;
# Access to other modules' types, granted through their interfaces.
# The interface bodies are defined in those modules and are not shown here.
# Calls named *_dontaudit_* add no access: they only silence the audit record
# for an access that stays denied.
24 kernel_list_proc(hostname_t)
25 kernel_read_proc_symlinks(hostname_t)
27 dev_read_sysfs(hostname_t)
28 # Early devtmpfs, before udev relabel
29 dev_dontaudit_rw_generic_chr_files(hostname_t)
# NOTE(review): the *_dontaudit_leaks calls presumably silence denials on
# descriptors inherited from the parent process -- confirm in the interface source.
31 domain_dontaudit_leaks(hostname_t)
32 domain_use_interactive_fds(hostname_t)
34 files_read_etc_files(hostname_t)
35 files_dontaudit_leaks(hostname_t)
36 files_dontaudit_search_var(hostname_t)
37 # for when /usr is not mounted:
38 files_dontaudit_search_isid_type_dirs(hostname_t)
40 fs_getattr_xattr_fs(hostname_t)
41 fs_search_auto_mountpoints(hostname_t)
42 fs_dontaudit_leaks(hostname_t)
43 fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
# Terminal access is limited to ttys/ptys inherited from the caller.
# Use of the console is denied without an audit record.
45 term_dontaudit_use_console(hostname_t)
46 term_use_all_inherited_ttys(hostname_t)
47 term_use_all_inherited_ptys(hostname_t)
# Descriptors, ptys and temporary files handed down by init and its scripts.
49 init_use_fds(hostname_t)
50 init_use_script_fds(hostname_t)
51 init_use_script_ptys(hostname_t)
52 init_rw_inherited_script_tmp_files(hostname_t)
54 logging_send_syslog_msg(hostname_t)
56 miscfiles_read_localization(hostname_t)
# Name resolution gives the domain network access on top of the local file reads
# above. NOTE(review): presumably needed for FQDN lookups -- confirm the exact
# socket and port permissions in the sysnet interface, since this is the only
# network-facing grant in the module.
58 sysnet_read_config(hostname_t)
59 sysnet_dns_name_resolve(hostname_t)
# Calls into modules that may not be installed on every system (nis, xen, unconfined).
# NOTE(review): the gutter numbering skips lines around each call (59 -> 62 -> 66,
# 67 -> 71), so optional_policy wrappers were presumably dropped from this listing.
# Confirm against the full file: an unwrapped call to an absent module would leave
# the interface's requirements unresolved when this module is loaded.
62 nis_use_ypbind(hostname_t)
66 xen_append_log(hostname_t)
67 xen_dontaudit_use_fds(hostname_t)
# Denials on pipes inherited from an unconfined caller are silenced, not allowed.
71 unconfined_dontaudit_rw_pipes(hostname_t)