47 lines
1.0 KiB
Plaintext
47 lines
1.0 KiB
Plaintext
|
|
||
|
|
policy_module(slocate,1.0.0)
|
||
|
|
|
||
|
|
#################################
|
||
|
|
#
|
||
|
|
# Declarations
|
||
|
|
#
|
||
|
|
|
||
|
|
type locate_t;
|
||
|
|
type locate_exec_t;
|
||
|
|
init_system_domain(locate_t,locate_exec_t)
|
||
|
|
|
||
|
|
type locate_log_t;
|
||
|
|
logging_log_file(locate_log_t)
|
||
|
|
|
||
|
|
type locate_var_lib_t;
|
||
|
|
files_type(locate_var_lib_t)
|
||
|
|
|
||
|
|
########################################
|
||
|
|
#
|
||
|
|
# Local policy
|
||
|
|
#
|
||
|
|
|
||
|
|
allow locate_t self:capability { chown dac_read_search dac_override fowner fsetid };
|
||
|
|
allow locate_t self:process { execmem execheap execstack };
|
||
|
|
allow locate_t self:fifo_file rw_file_perms;
|
||
|
|
allow locate_t self:unix_stream_socket create_socket_perms;
|
||
|
|
|
||
|
|
allow locate_t locate_var_lib_t:dir create_dir_perms;
|
||
|
|
allow locate_t locate_var_lib_t:file create_file_perms;
|
||
|
|
|
||
|
|
kernel_read_system_state(locate_t)
|
||
|
|
kernel_dontaudit_search_sysctl(locate_t)
|
||
|
|
|
||
|
|
corecmd_exec_bin(locate_t)
|
||
|
|
|
||
|
|
files_list_all(locate_t)
|
||
|
|
files_getattr_all_files(locate_t)
|
||
|
|
files_read_etc_runtime_files(locate_t)
|
||
|
|
files_read_etc_files(locate_t)
|
||
|
|
|
||
|
|
fs_getattr_xattr_fs(locate_t)
|
||
|
|
|
||
|
|
optional_policy(`cron',`
|
||
|
|
cron_system_entry(locate_t, locate_exec_t)
|
||
|
|
')
|