selinux-policy/policy/modules/services/denyhosts.te

policy_module(denyhosts, 1.0.0)

########################################
#
# DenyHosts personal declarations.
#

type denyhosts_t;
type denyhosts_exec_t;
init_daemon_domain(denyhosts_t, denyhosts_exec_t)

type denyhosts_initrc_exec_t;
init_script_file(denyhosts_initrc_exec_t)

type denyhosts_var_lib_t;
files_type(denyhosts_var_lib_t)

type denyhosts_var_lock_t;
files_lock_file(denyhosts_var_lock_t)

type denyhosts_var_log_t;
logging_log_file(denyhosts_var_log_t)

########################################
#
# DenyHosts personal policy.
#
# Bug #588563
allow denyhosts_t self:capability sys_tty_config;
allow denyhosts_t self:netlink_route_socket create_netlink_socket_perms;
allow denyhosts_t self:tcp_socket create_socket_perms;
allow denyhosts_t self:udp_socket create_socket_perms;

manage_files_pattern(denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lib_t)
files_var_lib_filetrans(denyhosts_t, denyhosts_var_lib_t, file)

manage_dirs_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
manage_files_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
files_lock_filetrans(denyhosts_t, denyhosts_var_lock_t, { dir file })

append_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
create_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
read_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
setattr_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
logging_log_filetrans(denyhosts_t, denyhosts_var_log_t, file)

kernel_read_system_state(denyhosts_t)

corecmd_exec_bin(denyhosts_t)

corenet_all_recvfrom_unlabeled(denyhosts_t)
corenet_all_recvfrom_netlabel(denyhosts_t)
corenet_tcp_sendrecv_generic_if(denyhosts_t)
corenet_tcp_sendrecv_generic_node(denyhosts_t)
corenet_tcp_bind_generic_node(denyhosts_t)
corenet_tcp_connect_smtp_port(denyhosts_t)
corenet_tcp_connect_sype_port(denyhosts_t)
corenet_sendrecv_smtp_client_packets(denyhosts_t)

dev_read_urand(denyhosts_t)

files_read_etc_files(denyhosts_t)
files_read_usr_files(denyhosts_t)

# /var/log/secure
logging_read_generic_logs(denyhosts_t)
logging_send_syslog_msg(denyhosts_t)

miscfiles_read_localization(denyhosts_t)

sysnet_dns_name_resolve(denyhosts_t)
sysnet_manage_config(denyhosts_t)
sysnet_etc_filetrans_config(denyhosts_t)

optional_policy(`
	cron_system_entry(denyhosts_t, denyhosts_exec_t)
')

optional_policy(`
	gnome_dontaudit_search_config(denyhosts_t)
')
Add DenyHosts from Dan Walsh. 2010-04-20 13:46:20 +00:00			`policy_module(denyhosts, 1.0.0)`

			`########################################`
			`#`
			`# DenyHosts personal declarations.`
			`#`

			`type denyhosts_t;`
			`type denyhosts_exec_t;`
			`init_daemon_domain(denyhosts_t, denyhosts_exec_t)`

			`type denyhosts_initrc_exec_t;`
			`init_script_file(denyhosts_initrc_exec_t)`

			`type denyhosts_var_lib_t;`
			`files_type(denyhosts_var_lib_t)`

			`type denyhosts_var_lock_t;`
			`files_lock_file(denyhosts_var_lock_t)`

			`type denyhosts_var_log_t;`
			`logging_log_file(denyhosts_var_log_t)`

			`########################################`
			`#`
			`# DenyHosts personal policy.`
			`#`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`# Bug #588563`
			`allow denyhosts_t self:capability sys_tty_config;`
Add DenyHosts from Dan Walsh. 2010-04-20 13:46:20 +00:00			`allow denyhosts_t self:netlink_route_socket create_netlink_socket_perms;`
			`allow denyhosts_t self:tcp_socket create_socket_perms;`
			`allow denyhosts_t self:udp_socket create_socket_perms;`

			`manage_files_pattern(denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lib_t)`
			`files_var_lib_filetrans(denyhosts_t, denyhosts_var_lib_t, file)`

			`manage_dirs_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)`
			`manage_files_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)`
			`files_lock_filetrans(denyhosts_t, denyhosts_var_lock_t, { dir file })`

			`append_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)`
			`create_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)`
			`read_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)`
			`setattr_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)`
			`logging_log_filetrans(denyhosts_t, denyhosts_var_log_t, file)`

			`kernel_read_system_state(denyhosts_t)`

			`corecmd_exec_bin(denyhosts_t)`

			`corenet_all_recvfrom_unlabeled(denyhosts_t)`
			`corenet_all_recvfrom_netlabel(denyhosts_t)`
			`corenet_tcp_sendrecv_generic_if(denyhosts_t)`
			`corenet_tcp_sendrecv_generic_node(denyhosts_t)`
			`corenet_tcp_bind_generic_node(denyhosts_t)`
			`corenet_tcp_connect_smtp_port(denyhosts_t)`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`corenet_tcp_connect_sype_port(denyhosts_t)`
Add DenyHosts from Dan Walsh. 2010-04-20 13:46:20 +00:00			`corenet_sendrecv_smtp_client_packets(denyhosts_t)`

			`dev_read_urand(denyhosts_t)`

			`files_read_etc_files(denyhosts_t)`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`files_read_usr_files(denyhosts_t)`
Add DenyHosts from Dan Walsh. 2010-04-20 13:46:20 +00:00
			`# /var/log/secure`
			`logging_read_generic_logs(denyhosts_t)`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`logging_send_syslog_msg(denyhosts_t)`
Add DenyHosts from Dan Walsh. 2010-04-20 13:46:20 +00:00
			`miscfiles_read_localization(denyhosts_t)`

UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`sysnet_dns_name_resolve(denyhosts_t)`
Add DenyHosts from Dan Walsh. 2010-04-20 13:46:20 +00:00			`sysnet_manage_config(denyhosts_t)`
			`sysnet_etc_filetrans_config(denyhosts_t)`

			optional_policy(`
			`cron_system_entry(denyhosts_t, denyhosts_exec_t)`
			`')`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00
			optional_policy(`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-22 10:07:37 +00:00			`gnome_dontaudit_search_config(denyhosts_t)`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`')`