selinux-policy/policy/modules/services/ntop.te

115 lines
3.0 KiB
Plaintext
Raw Normal View History

2010-05-24 19:32:01 +00:00
policy_module(ntop, 1.9.0)
2006-04-18 13:44:07 +00:00
########################################
#
# Declarations
#
type ntop_t;
type ntop_exec_t;
init_daemon_domain(ntop_t, ntop_exec_t)
application_domain(ntop_t, ntop_exec_t)
2006-04-18 13:44:07 +00:00
type ntop_initrc_exec_t;
init_script_file(ntop_initrc_exec_t)
2006-04-18 13:44:07 +00:00
type ntop_etc_t;
files_config_file(ntop_etc_t)
type ntop_tmp_t;
files_tmp_file(ntop_tmp_t)
type ntop_var_lib_t;
files_type(ntop_var_lib_t)
type ntop_var_run_t;
files_pid_file(ntop_var_run_t)
########################################
#
# Local Policy
#
allow ntop_t self:capability { net_raw setgid setuid sys_admin net_admin };
dontaudit ntop_t self:capability sys_tty_config;
allow ntop_t self:process signal_perms;
allow ntop_t self:fifo_file rw_fifo_file_perms;
2006-04-18 13:44:07 +00:00
allow ntop_t self:tcp_socket create_stream_socket_perms;
allow ntop_t self:udp_socket create_socket_perms;
allow ntop_t self:unix_dgram_socket create_socket_perms;
allow ntop_t self:unix_stream_socket create_stream_socket_perms;
2006-04-18 13:44:07 +00:00
allow ntop_t self:packet_socket create_socket_perms;
allow ntop_t self:socket create_socket_perms;
2006-04-18 13:44:07 +00:00
2006-12-12 20:08:08 +00:00
allow ntop_t ntop_etc_t:dir list_dir_perms;
read_files_pattern(ntop_t, ntop_etc_t, ntop_etc_t)
read_lnk_files_pattern(ntop_t, ntop_etc_t, ntop_etc_t)
2006-04-18 13:44:07 +00:00
manage_dirs_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t)
manage_files_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t)
2006-04-18 13:44:07 +00:00
files_tmp_filetrans(ntop_t, ntop_tmp_t, { file dir })
manage_dirs_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
manage_files_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
files_var_lib_filetrans(ntop_t, ntop_var_lib_t, { file dir })
2006-04-18 13:44:07 +00:00
manage_files_pattern(ntop_t, ntop_var_run_t, ntop_var_run_t)
files_pid_filetrans(ntop_t, ntop_var_run_t, file)
2006-04-18 13:44:07 +00:00
kernel_request_load_module(ntop_t)
kernel_read_system_state(ntop_t)
2006-04-18 13:44:07 +00:00
kernel_read_network_state(ntop_t)
kernel_read_kernel_sysctls(ntop_t)
kernel_list_proc(ntop_t)
kernel_read_proc_symlinks(ntop_t)
corenet_all_recvfrom_unlabeled(ntop_t)
corenet_all_recvfrom_netlabel(ntop_t)
2006-04-18 13:44:07 +00:00
corenet_tcp_sendrecv_generic_if(ntop_t)
corenet_udp_sendrecv_generic_if(ntop_t)
corenet_raw_sendrecv_generic_if(ntop_t)
corenet_tcp_sendrecv_generic_node(ntop_t)
corenet_udp_sendrecv_generic_node(ntop_t)
corenet_raw_sendrecv_generic_node(ntop_t)
2006-04-18 13:44:07 +00:00
corenet_tcp_sendrecv_all_ports(ntop_t)
corenet_udp_sendrecv_all_ports(ntop_t)
corenet_tcp_bind_ntop_port(ntop_t)
corenet_tcp_connect_ntop_port(ntop_t)
corenet_tcp_connect_http_port(ntop_t)
corenet_sendrecv_http_client_packets(ntop_t)
corenet_sendrecv_ntop_client_packets(ntop_t)
corenet_sendrecv_ntop_server_packets(ntop_t)
2006-04-18 13:44:07 +00:00
dev_read_sysfs(ntop_t)
dev_rw_generic_usb_dev(ntop_t)
2006-04-18 13:44:07 +00:00
domain_use_interactive_fds(ntop_t)
files_read_etc_files(ntop_t)
files_read_usr_files(ntop_t)
2006-04-18 13:44:07 +00:00
fs_getattr_all_fs(ntop_t)
fs_search_auto_mountpoints(ntop_t)
auth_use_nsswitch(ntop_t)
2006-04-18 13:44:07 +00:00
logging_send_syslog_msg(ntop_t)
miscfiles_read_localization(ntop_t)
miscfiles_read_fonts(ntop_t)
2006-04-18 13:44:07 +00:00
userdom_dontaudit_use_unpriv_user_fds(ntop_t)
2008-11-05 16:10:46 +00:00
userdom_dontaudit_search_user_home_dirs(ntop_t)
2006-04-18 13:44:07 +00:00
optional_policy(`
apache_read_sys_content(ntop_t)
')
2006-04-18 13:44:07 +00:00
optional_policy(`
seutil_sigchld_newrole(ntop_t)
')
optional_policy(`
udev_read_db(ntop_t)
')