# SELinux policy module for the DenyHosts daemon: module name and version.
1 policy_module(denyhosts, 1.0.0)
3 ########################################
5 # DenyHosts personal declarations.
# NOTE(review): denyhosts_t and denyhosts_exec_t are used below but no
# `type` declaration for them is visible in this listing (the numbering
# skips 6-9) - confirm they are declared in the full file.
# denyhosts_t is the daemon's process domain; init enters it when it runs a
# file labelled denyhosts_exec_t.
10 init_daemon_domain(denyhosts_t, denyhosts_exec_t)
# Separate label for the init script, so the script and the daemon binary
# can be controlled independently.
12 type denyhosts_initrc_exec_t;
13 init_script_file(denyhosts_initrc_exec_t)
# Private state data (files_type marks it as an ordinary file type).
15 type denyhosts_var_lib_t;
16 files_type(denyhosts_var_lib_t)
# Private lock files.
18 type denyhosts_var_lock_t;
19 files_lock_file(denyhosts_var_lock_t)
# Private log file, kept apart from the generic system log type so access
# to it can be granted separately.
21 type denyhosts_var_log_t;
22 logging_log_file(denyhosts_var_log_t)
24 ########################################
26 # DenyHosts personal policy.
# Permissions the domain holds on itself.
# sys_tty_config is the only capability granted in the visible rules; why
# the daemon needs it is not evident from this file - TODO confirm.
29 allow denyhosts_t self:capability sys_tty_config;
# Routing netlink socket; presumably used by library code that enumerates
# interfaces/routes - verify.
30 allow denyhosts_t self:netlink_route_socket create_netlink_socket_perms;
# The domain may create and use its own TCP and UDP sockets. In the reference
# policy create_socket_perms does not include listen/accept (those come
# with create_stream_socket_perms), so these rules cover client-style use only.
31 allow denyhosts_t self:tcp_socket create_socket_perms;
32 allow denyhosts_t self:udp_socket create_socket_perms;
# State data: full management of files carrying the private var_lib type.
# The type transition covers class `file` only, so the containing directory
# must already be labelled (e.g. by the module's file contexts, not shown here).
34 manage_files_pattern(denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lib_t)
35 files_var_lib_filetrans(denyhosts_t, denyhosts_var_lib_t, file)
# Lock files: the daemon may manage both directories and files of its lock
# type, and anything it creates in the lock directory takes that type.
37 manage_dirs_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
38 manage_files_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
39 files_lock_filetrans(denyhosts_t, denyhosts_var_lock_t, { dir file })
# Own log file: append, create, read and setattr only. No manage/write/unlink
# pattern is granted on the log type in the visible rules, so the daemon can
# add records but is not given the means to rewrite or delete them. Keep it
# that way when extending the policy: it protects the log as evidence if the
# daemon is compromised.
41 append_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
42 create_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
43 read_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
44 setattr_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
45 logging_log_filetrans(denyhosts_t, denyhosts_var_log_t, file)
# Access to other modules' types, granted through their interfaces.
# Read-only view of system state exposed by the kernel.
47 kernel_read_system_state(denyhosts_t)
# Run generic binaries without leaving denyhosts_t. Anything started this way
# keeps every permission in this module, including the network-config write
# access granted further down.
49 corecmd_exec_bin(denyhosts_t)
# Network: receive unlabeled/NetLabel traffic, use TCP on generic interfaces
# and nodes, and connect out to the smtp and sype ports. No
# corenet_tcp_bind_*_port call is visible, so no listening port is granted here.
# NOTE(review): sype is presumably the port of the DenyHosts synchronisation
# service - confirm against the corenetwork port definitions.
51 corenet_all_recvfrom_unlabeled(denyhosts_t)
52 corenet_all_recvfrom_netlabel(denyhosts_t)
53 corenet_tcp_sendrecv_generic_if(denyhosts_t)
54 corenet_tcp_sendrecv_generic_node(denyhosts_t)
55 corenet_tcp_bind_generic_node(denyhosts_t)
56 corenet_tcp_connect_smtp_port(denyhosts_t)
57 corenet_tcp_connect_sype_port(denyhosts_t)
58 corenet_sendrecv_smtp_client_packets(denyhosts_t)
# Read the non-blocking random device.
60 dev_read_urand(denyhosts_t)
# Read-only access to generic /etc and /usr content.
62 files_read_etc_files(denyhosts_t)
63 files_read_usr_files(denyhosts_t)
# Read generically-labelled logs and send messages to syslog.
# NOTE(review): the authentication log DenyHosts parses must carry the
# generic log label for this to be enough - verify on the target distribution.
66 logging_read_generic_logs(denyhosts_t)
67 logging_send_syslog_msg(denyhosts_t)
69 miscfiles_read_localization(denyhosts_t)
# DNS lookups, plus management of network configuration files.
# sysnet_manage_config is the broadest grant in this module: it is presumably
# here so the daemon can write its deny list, but it applies to every file
# that shares the network-config label, not to one file. Check what else
# carries that label on the target system (resolver and hosts files are the
# usual candidates) before treating this domain as tightly confined.
71 sysnet_dns_name_resolve(denyhosts_t)
72 sysnet_manage_config(denyhosts_t)
# Files the daemon creates in /etc take the network-config label.
73 sysnet_etc_filetrans_config(denyhosts_t)
# NOTE(review): calls into other optional modules (cron, gnome) are normally
# wrapped in optional_policy so this module still loads when they are absent.
# No wrapper is visible in this listing (the numbering has gaps around these
# lines) - confirm in the full file.
# Let system cron jobs start denyhosts_exec_t in denyhosts_t.
76 cron_system_entry(denyhosts_t, denyhosts_exec_t)
# dontaudit only: silences denial records and grants no access.
80 gnome_dontaudit_search_config(denyhosts_t)