## <li>files_pid_file()</li>
## <li>files_security_file()</li>
## <li>files_security_mountpoint()</li>
+## <li>files_spool_file()</li>
## <li>files_tmp_file()</li>
## <li>files_tmpfs_file()</li>
## <li>logging_log_file()</li>
delete_dirs_pattern($1, pidfile, pidfile)
')
+########################################
+## <summary>
+## Make the specified type a file
+## used for spool files.
+## </summary>
+## <desc>
+## <p>
+## Make the specified type usable for spool files.
+## This will also make the type usable for files, making
+## calls to files_type() redundant. Failure to use this interface
+## for a spool file may result in problems with
+## purging spool files.
+## </p>
+## <p>
+## Related interfaces:
+## </p>
+## <ul>
+## <li>files_spool_filetrans()</li>
+## </ul>
+## <p>
+## Example usage with a domain that can create and
+## write its spool file in the system spool file
+## directories (/var/spool):
+## </p>
+## <p>
+## type myspoolfile_t;
+## files_spool_file(myfile_spool_t)
+## allow mydomain_t myfile_spool_t:file { create_file_perms write_file_perms };
+## files_spool_filetrans(mydomain_t, myfile_spool_t, file)
+## </p>
+## </desc>
+## <param name="file_type">
+## <summary>
+## Type of the file to be used as a
+## spool file.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`files_spool_file',`
+ gen_require(`
+ attribute spoolfile;
+ ')
+
+ files_type($1)
+ typeattribute $1 spoolfile;
+')
+
+########################################
+## <summary>
+## Create all spool sockets
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_create_all_spool_sockets',`
+ gen_require(`
+ attribute spoolfile;
+ ')
+
+ allow $1 spoolfile:sock_file create_sock_file_perms;
+')
+
+########################################
+## <summary>
+## Delete all spool sockets
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_delete_all_spool_sockets',`
+ gen_require(`
+ attribute spoolfile;
+ ')
+
+ allow $1 spoolfile:sock_file delete_sock_file_perms;
+')
+
########################################
## <summary>
## Search the contents of generic spool
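Review bot: The usage example in the new files_spool_file() documentation is internally inconsistent: it declares `type myspoolfile_t;` but then passes `myfile_spool_t` to files_spool_file(), the allow rule and files_spool_filetrans(), so a reader copying it gets an undeclared type. Change the declaration to `## type myfile_spool_t;` so all four example lines use one name. The summaries of files_create_all_spool_sockets() and files_delete_all_spool_sockets() could also make the breadth of the grant explicit, since it is attribute-wide rather than per-type; something like `## Create sockets in the spool directories of every type marked with files_spool_file().` tells a policy author what they are handing out. The gen_require() blocks reference the spoolfile attribute, which appears to be declared in the files.te hunk of this same change.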
attribute lockfile;
attribute mountpoint;
attribute pidfile;
+attribute spoolfile;
attribute configfile;
attribute etcfile;
#
type var_spool_t;
files_tmp_file(var_spool_t)
+files_spool_file(var_spool_t)
########################################
#
files_type(abrt_retrace_cache_t)
type abrt_retrace_spool_t;
-files_type(abrt_retrace_spool_t)
+files_spool_file(abrt_retrace_spool_t)
########################################
#
files_type(amavis_quarantine_t)
type amavis_spool_t;
-files_type(amavis_spool_t)
+files_spool_file(amavis_spool_t)
########################################
#
# File Type of squirrelmail attachments
type squirrelmail_spool_t;
files_tmp_file(squirrelmail_spool_t)
+files_spool_file(squirrelmail_spool_t)
optional_policy(`
prelink_object_file(httpd_modules_t)
logging_log_file(asterisk_log_t)
type asterisk_spool_t;
-files_type(asterisk_spool_t)
+files_spool_file(asterisk_spool_t)
type asterisk_tmp_t;
files_tmp_file(asterisk_tmp_t)
files_pid_file(callweaver_var_run_t)
type callweaver_spool_t;
-files_type(callweaver_spool_t)
+files_spool_file(callweaver_spool_t)
########################################
#
courier_domain_template(pop)
type courier_spool_t;
-files_type(courier_spool_t)
+files_spool_file(courier_spool_t)
courier_domain_template(tcpd)
application_executable_file(anacron_exec_t)
type cron_spool_t;
-files_type(cron_spool_t)
+files_spool_file(cron_spool_t)
# var/lib files
type cron_var_lib_t;
allow admin_crontab_t crond_t:process signal;
type system_cron_spool_t, cron_spool_type;
-files_type(system_cron_spool_t)
+files_spool_file(system_cron_spool_t)
type system_cronjob_t alias system_crond_t;
init_daemon_domain(system_cronjob_t, anacron_exec_t)
type user_cron_spool_t, cron_spool_type;
typealias user_cron_spool_t alias { staff_cron_spool_t sysadm_cron_spool_t unconfined_cron_spool_t };
typealias user_cron_spool_t alias { auditadm_cron_spool_t secadm_cron_spool_t };
-files_type(user_cron_spool_t)
+files_spool_file(user_cron_spool_t)
ubac_constrained(user_cron_spool_t)
mta_system_content(user_cron_spool_t)
logging_log_file(ctdbd_log_t)
type ctdbd_spool_t;
-files_type(ctdbd_spool_t)
+files_spool_file(ctdbd_spool_t)
type ctdbd_tmp_t;
files_tmp_file(ctdbd_tmp_t)
files_type(dovecot_passwd_t)
type dovecot_spool_t;
-files_type(dovecot_spool_t)
+files_spool_file(dovecot_spool_t)
type dovecot_tmp_t;
files_tmp_file(dovecot_tmp_t)
logging_log_file(exim_log_t)
type exim_spool_t;
-files_type(exim_spool_t)
+files_spool_file(exim_spool_t)
type exim_tmp_t;
files_tmp_file(exim_tmp_t)
type news_spool_t;
files_mountpoint(news_spool_t)
+files_spool_file(news_spool_t)
########################################
#
logging_log_file(pyicqt_log_t);
type pyicqt_var_spool_t;
-files_type(pyicqt_var_spool_t)
+files_spool_file(pyicqt_var_spool_t)
type pyicqt_var_run_t;
files_pid_file(pyicqt_var_run_t)
/var/log/krb5kdc\.log gen_context(system_u:object_r:krb5kdc_log_t,s0)
/var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0)
+/var/cache/krb5rcache(/.*)? gen_context(system_u:object_r:krb5_host_rcache_t,s0)
+
+krb5_host_rcache_t
/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
/var/tmp/HTTP_23 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
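Review bot: The added line `krb5_host_rcache_t` stands alone between two gen_context entries and is neither a path regex nor a context; if it really is in the patched file contexts file (and not an artifact of how the diff was rendered) it will not parse and the module will fail to build, so it should be dropped. The preceding entry labels the whole `/var/cache/krb5rcache(/.*)?` tree with krb5_host_rcache_t, the same type the existing `/var/tmp/host_0` and `/var/tmp/HTTP_23` entries use for individual replay-cache files; presumably every domain already allowed to write that type is meant to manage the directory tree as well, which is worth confirming since a replay cache that an unintended domain can modify weakens the replay protection it provides.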
type print_spool_t;
typealias print_spool_t alias { user_print_spool_t staff_print_spool_t sysadm_print_spool_t };
typealias print_spool_t alias { auditadm_print_spool_t secadm_print_spool_t };
-files_type(print_spool_t)
+files_spool_file(print_spool_t)
ubac_constrained(print_spool_t)
type printer_t;
type mqueue_spool_t;
files_mountpoint(mqueue_spool_t)
+files_spool_file(mqueue_spool_t)
type mail_spool_t;
files_mountpoint(mail_spool_t)
+files_spool_file(mail_spool_t)
type sendmail_exec_t;
mta_agent_executable(sendmail_exec_t)
files_pid_file(nagios_var_run_t)
type nagios_spool_t;
-files_type(nagios_spool_t)
+files_spool_file(nagios_spool_t)
nagios_plugin_template(admin)
nagios_plugin_template(checkdisk)
init_daemon_domain(plymouthd_t, plymouthd_exec_t)
type plymouthd_spool_t;
-files_type(plymouthd_spool_t)
+files_spool_file(plymouthd_spool_t)
type plymouthd_var_lib_t;
files_type(plymouthd_var_lib_t)
postfix_server_domain_template(bounce)
type postfix_spool_bounce_t, postfix_spool_type;
-files_type(postfix_spool_bounce_t)
+files_spool_file(postfix_spool_bounce_t)
postfix_server_domain_template(cleanup)
postfix_server_domain_template(smtpd)
type postfix_spool_t, postfix_spool_type;
-files_type(postfix_spool_t)
+files_spool_file(postfix_spool_t)
type postfix_spool_maildrop_t, postfix_spool_type;
-files_type(postfix_spool_maildrop_t)
+files_spool_file(postfix_spool_maildrop_t)
type postfix_spool_flush_t, postfix_spool_type;
-files_type(postfix_spool_flush_t)
+files_spool_file(postfix_spool_flush_t)
type postfix_public_t;
files_type(postfix_public_t)
init_script_file(postgrey_initrc_exec_t)
type postgrey_spool_t;
-files_type(postgrey_spool_t)
+files_spool_file(postgrey_spool_t)
type postgrey_var_lib_t;
files_type(postgrey_var_lib_t)
init_script_file(prelude_initrc_exec_t)
type prelude_spool_t;
-files_type(prelude_spool_t)
+files_spool_file(prelude_spool_t)
type prelude_log_t;
logging_log_file(prelude_log_t)
files_config_file(pyicqt_conf_t)
type pyicqt_spool_t;
-files_type(pyicqt_spool_t)
+files_spool_file(pyicqt_spool_t)
type pyicqt_var_run_t;
files_pid_file(pyicqt_var_run_t)
qmail_child_domain_template(qmail_splogger, qmail_start_t)
type qmail_spool_t;
-files_type(qmail_spool_t)
+files_spool_file(qmail_spool_t)
type qmail_start_t;
type qmail_start_exec_t;
corecmd_exec_bin(gssd_t)
-fs_search_nfsd_fs(gssd_t)
fs_list_rpc(gssd_t)
fs_rw_rpc_sockets(gssd_t)
fs_read_rpc_files(gssd_t)
+fs_search_nfsd_fs(gssd_t)
fs_list_inotifyfs(gssd_t)
files_list_tmp(gssd_t)
files_type(rwho_log_t)
type rwho_spool_t;
-files_type(rwho_spool_t)
+files_spool_file(rwho_spool_t)
########################################
#
files_pid_file(slrnpull_var_run_t)
type slrnpull_spool_t;
-files_type(slrnpull_spool_t)
+files_spool_file(slrnpull_spool_t)
type slrnpull_log_t;
logging_log_file(slrnpull_log_t)
logging_log_file(spamd_log_t)
type spamd_spool_t;
-files_type(spamd_spool_t)
+files_spool_file(spamd_spool_t)
type spamd_tmp_t;
files_tmp_file(spamd_tmp_t)
files_config_file(uptimed_etc_t)
type uptimed_spool_t;
-files_type(uptimed_spool_t)
+files_spool_file(uptimed_spool_t)
type uptimed_var_run_t;
files_pid_file(uptimed_var_run_t)
files_type(uucpd_ro_t)
type uucpd_spool_t;
-files_type(uucpd_spool_t)
+files_spool_file(uucpd_spool_t)
type uucpd_log_t;
logging_log_file(uucpd_log_t)
files_config_file(xdm_rw_etc_t)
type xdm_spool_t;
-files_type(xdm_spool_t)
+files_spool_file(xdm_spool_t)
type xdm_var_lib_t;
files_type(xdm_var_lib_t)
dev_manage_sysfs_dirs(init_t)
dev_relabel_sysfs_dirs(init_t)
+ files_search_all(init_t)
files_mounton_all_mountpoints(init_t)
files_unmount_all_file_type_fs(init_t)
files_manage_all_pid_dirs(init_t)
files_relabel_all_pid_files(init_t)
files_create_all_pid_sockets(init_t)
files_delete_all_pid_sockets(init_t)
+ files_create_all_spool_sockets(init_t)
+ files_delete_all_spool_sockets(init_t)
files_manage_urandom_seed(init_t)
files_list_locks(init_t)
files_list_spool(init_t)
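Review bot: The two new rules `files_create_all_spool_sockets(init_t)` and `files_delete_all_spool_sockets(init_t)` grant init_t create and delete of sock_file objects on every type carrying the spoolfile attribute, and this same change puts audit_spool_t — which the policy also marks with files_security_file() and files_security_mountpoint() — under that attribute, so the grant reaches the audit spool as well. If init only needs to manage sockets for a few specific daemons' spool directories, calling those modules' own interfaces would be tighter than the attribute-wide grant; otherwise a short comment stating why init needs all spool sockets would help the next reviewer. The added `files_search_all(init_t)` likewise widens init_t to search every file type and would benefit from a one-line why-comment, e.g. `# init needs to traverse arbitrary paths when setting up mounts and units — TODO confirm`. The enclosing block of init.te rules continues outside this hunk.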
files_security_mountpoint(auditd_log_t)
type audit_spool_t;
-files_type(audit_spool_t)
+files_spool_file(audit_spool_t)
files_security_file(audit_spool_t)
files_security_mountpoint(audit_spool_t)