selinux-policy/strict/domains/program/unused/cvs.te

#DESC cvs - Concurrent Versions System
#
# Author:  Dan Walsh <dwalsh@redhat.com>
#
# Depends: inetd.te

#################################
#
# Rules for the cvs_t domain.
#
# cvs_exec_t is the type of the cvs executable.
#

inetd_child_domain(cvs, tcp)
typeattribute cvs_t privmail;
typeattribute cvs_t auth_chkpwd;

type cvs_data_t, file_type, sysadmfile;
create_dir_file(cvs_t, cvs_data_t)
can_exec(cvs_t, { bin_t sbin_t shell_exec_t })
allow cvs_t etc_runtime_t:file { getattr read };
allow system_mail_t cvs_data_t:file { getattr read };
dontaudit cvs_t devtty_t:chr_file { read write };
allow cvs_t default_t:dir search;
allow cvs_t default_t:lnk_file read;
begin merging in upstream NSA CVS changes 2005-09-12 21:40:56 +00:00			`#DESC cvs - Concurrent Versions System`
			`#`
			`# Author: Dan Walsh <dwalsh@redhat.com>`
			`#`
			`# Depends: inetd.te`

			`#################################`
			`#`
			`# Rules for the cvs_t domain.`
			`#`
			`# cvs_exec_t is the type of the cvs executable.`
			`#`

			`inetd_child_domain(cvs, tcp)`
			`typeattribute cvs_t privmail;`
			`typeattribute cvs_t auth_chkpwd;`

			`type cvs_data_t, file_type, sysadmfile;`
			`create_dir_file(cvs_t, cvs_data_t)`
			`can_exec(cvs_t, { bin_t sbin_t shell_exec_t })`
			`allow cvs_t etc_runtime_t:file { getattr read };`
			`allow system_mail_t cvs_data_t:file { getattr read };`
			`dontaudit cvs_t devtty_t:chr_file { read write };`
			`allow cvs_t default_t:dir search;`
			`allow cvs_t default_t:lnk_file read;`