Allow tgtd to read system state
# policy/modules/services/tgtd.te
# SELinux policy module confining tgtd, the SCSI target daemon.
# Throughout this file, avoid quote characters in comments: m4 treats them
# as quoting inside macro arguments such as optional_policy.
policy_module(tgtd, 1.1.1)

########################################
#
# Declarations
#

# Daemon domain and the entry-point type for its executable.
type tgtd_t;
type tgtd_exec_t;
init_daemon_domain(tgtd_t, tgtd_exec_t)

# Init script used to start and stop the daemon.
type tgtd_initrc_exec_t;
init_script_file(tgtd_initrc_exec_t)

# Private type for objects created in the generic tmp directory.
type tgtd_tmp_t;
files_tmp_file(tgtd_tmp_t)

# Private type for objects created on tmpfs.
type tgtd_tmpfs_t;
files_tmpfs_file(tgtd_tmpfs_t)

# Private type for persistent state (see the var_lib transition below).
type tgtd_var_lib_t;
files_type(tgtd_var_lib_t)

# Private type for pid files and runtime sockets.
type tgtd_var_run_t;
files_pid_file(tgtd_var_run_t)

########################################
#
# Local policy
#

# sys_resource plus setrlimit lets the daemon raise its own resource limits.
# This is the only capability granted by an explicit allow rule in this
# file; the interfaces called further down may add others.
allow tgtd_t self:capability sys_resource;
allow tgtd_t self:process { setrlimit signal };

# IPC and sockets the domain may create for itself. These rules cover only
# the objects owned by tgtd_t; network reachability is governed by the
# corenet_* calls below.
allow tgtd_t self:fifo_file rw_fifo_file_perms;
allow tgtd_t self:netlink_route_socket create_netlink_socket_perms;
allow tgtd_t self:shm create_shm_perms;
allow tgtd_t self:sem create_sem_perms;
allow tgtd_t self:tcp_socket create_stream_socket_perms;
allow tgtd_t self:udp_socket create_socket_perms;
allow tgtd_t self:unix_dgram_socket create_socket_perms;

# Only socket files get the private tmp type when created in the generic
# tmp directory; no other object class is transitioned or managed there.
manage_sock_files_pattern(tgtd_t, tgtd_tmp_t, tgtd_tmp_t)
files_tmp_filetrans(tgtd_t, tgtd_tmp_t, sock_file)

# Regular files on tmpfs are labelled with the private tmpfs type.
manage_files_pattern(tgtd_t, tgtd_tmpfs_t, tgtd_tmpfs_t)
fs_tmpfs_filetrans(tgtd_t, tgtd_tmpfs_t, file)

# Persistent state: directories and files created under the generic
# var_lib directory transition to tgtd_var_lib_t.
manage_dirs_pattern(tgtd_t, tgtd_var_lib_t, tgtd_var_lib_t)
manage_files_pattern(tgtd_t, tgtd_var_lib_t, tgtd_var_lib_t)
files_var_lib_filetrans(tgtd_t, tgtd_var_lib_t, { dir file })

# Runtime data: files and sockets created in the pid directory transition
# to tgtd_var_run_t. Directories of that type may be managed, but the
# transition below does not cover the dir class.
manage_dirs_pattern(tgtd_t, tgtd_var_run_t, tgtd_var_run_t)
manage_files_pattern(tgtd_t, tgtd_var_run_t, tgtd_var_run_t)
manage_sock_files_pattern(tgtd_t, tgtd_var_run_t, tgtd_var_run_t)
files_pid_filetrans(tgtd_t, tgtd_var_run_t, { file sock_file })

# Read-only view of kernel state under /proc and of the fs sysctls.
# NOTE(review): the commit subject shown with this file, Allow tgtd to
# read system state, presumably refers to the first call - confirm
# against the commit diff.
kernel_read_system_state(tgtd_t)
kernel_read_fs_sysctls(tgtd_t)

# Network: the daemon binds to and serves TCP on the port type used for
# iSCSI, on any generic interface and node. No corenet_tcp_connect_*
# interface is called, so this file grants no port-level outbound connect.
# NOTE(review): the two recvfrom calls accept traffic from unlabeled and
# from any NetLabel peer; revisit them where labeled networking is used to
# restrict which peers can reach the target.
corenet_all_recvfrom_netlabel(tgtd_t)
corenet_all_recvfrom_unlabeled(tgtd_t)
corenet_tcp_sendrecv_generic_if(tgtd_t)
corenet_tcp_sendrecv_generic_node(tgtd_t)
corenet_tcp_sendrecv_iscsi_port(tgtd_t)
corenet_tcp_bind_generic_node(tgtd_t)
corenet_tcp_bind_iscsi_port(tgtd_t)
corenet_sendrecv_iscsi_server_packets(tgtd_t)

# Search-only access to sysfs directories.
dev_search_sysfs(tgtd_t)

# Read-only access to generic configuration files in /etc.
files_read_etc_files(tgtd_t)

fs_read_anon_inodefs_files(tgtd_t)

# NOTE(review): broadest grant in this module. The interface name indicates
# manage access to fixed disk device nodes, presumably so block devices can
# be exported as targets. A compromised tgtd_t process would then reach raw
# disk contents regardless of file labels - confirm the exact expansion in
# storage.if and keep this domain free of unrelated permissions.
storage_manage_fixed_disk(tgtd_t)

logging_send_syslog_msg(tgtd_t)

miscfiles_read_localization(tgtd_t)

# Applied only when the iscsi module is present in the policy build.
optional_policy(`
	iscsi_manage_semaphores(tgtd_t)
')