2010-09-15 14:42:34 +00:00
|
|
|
policy_module(certmonger, 1.0.1)
|
2010-04-09 17:05:52 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# Declarations
|
|
|
|
#
|
|
|
|
|
|
|
|
type certmonger_t;
|
|
|
|
type certmonger_exec_t;
|
|
|
|
init_daemon_domain(certmonger_t, certmonger_exec_t)
|
|
|
|
|
|
|
|
type certmonger_initrc_exec_t;
|
|
|
|
init_script_file(certmonger_initrc_exec_t)
|
|
|
|
|
|
|
|
type certmonger_var_run_t;
|
|
|
|
files_pid_file(certmonger_var_run_t)
|
|
|
|
|
|
|
|
type certmonger_var_lib_t;
|
|
|
|
files_type(certmonger_var_lib_t)
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# certmonger local policy
|
|
|
|
#
|
|
|
|
|
|
|
|
allow certmonger_t self:capability { kill sys_nice };
|
|
|
|
allow certmonger_t self:process { getsched setsched sigkill };
|
|
|
|
allow certmonger_t self:fifo_file rw_file_perms;
|
|
|
|
allow certmonger_t self:unix_stream_socket create_stream_socket_perms;
|
|
|
|
allow certmonger_t self:tcp_socket create_stream_socket_perms;
|
|
|
|
allow certmonger_t self:netlink_route_socket r_netlink_socket_perms;
|
|
|
|
|
2010-04-19 14:17:24 +00:00
|
|
|
manage_dirs_pattern(certmonger_t, certmonger_var_lib_t, certmonger_var_lib_t)
|
|
|
|
manage_files_pattern(certmonger_t, certmonger_var_lib_t, certmonger_var_lib_t)
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-22 10:07:37 +00:00
|
|
|
files_var_lib_filetrans(certmonger_t, certmonger_var_lib_t, { file dir })
|
2010-04-09 17:05:52 +00:00
|
|
|
|
2010-04-19 14:17:24 +00:00
|
|
|
manage_dirs_pattern(certmonger_t, certmonger_var_run_t, certmonger_var_run_t)
|
|
|
|
manage_files_pattern(certmonger_t, certmonger_var_run_t, certmonger_var_run_t)
|
2010-04-12 19:54:18 +00:00
|
|
|
files_pid_filetrans(certmonger_t, certmonger_var_run_t, { file dir })
|
2010-04-09 17:05:52 +00:00
|
|
|
|
|
|
|
corenet_tcp_sendrecv_generic_if(certmonger_t)
|
|
|
|
corenet_tcp_sendrecv_generic_node(certmonger_t)
|
|
|
|
corenet_tcp_sendrecv_all_ports(certmonger_t)
|
|
|
|
corenet_tcp_connect_certmaster_port(certmonger_t)
|
|
|
|
|
|
|
|
dev_read_urand(certmonger_t)
|
|
|
|
|
2010-04-12 19:54:18 +00:00
|
|
|
domain_use_interactive_fds(certmonger_t)
|
|
|
|
|
2010-04-09 17:05:52 +00:00
|
|
|
files_read_etc_files(certmonger_t)
|
|
|
|
files_read_usr_files(certmonger_t)
|
|
|
|
files_list_tmp(certmonger_t)
|
|
|
|
|
|
|
|
logging_send_syslog_msg(certmonger_t)
|
|
|
|
|
|
|
|
miscfiles_read_localization(certmonger_t)
|
2010-09-09 16:14:48 +00:00
|
|
|
miscfiles_manage_generic_cert_files(certmonger_t)
|
2010-04-09 17:05:52 +00:00
|
|
|
|
|
|
|
sysnet_dns_name_resolve(certmonger_t)
|
|
|
|
|
2010-10-07 13:06:56 +00:00
|
|
|
userdom_search_user_home_content(certmonger_t)
|
|
|
|
|
|
|
|
optional_policy(`
|
|
|
|
apache_search_config(certmonger_t)
|
|
|
|
')
|
|
|
|
|
|
|
|
optional_policy(`
|
|
|
|
bind_search_cache(certmonger_t)
|
|
|
|
')
|
|
|
|
|
2010-04-09 17:05:52 +00:00
|
|
|
optional_policy(`
|
|
|
|
dbus_system_bus_client(certmonger_t)
|
|
|
|
dbus_connect_system_bus(certmonger_t)
|
|
|
|
')
|
|
|
|
|
|
|
|
optional_policy(`
|
|
|
|
kerberos_use(certmonger_t)
|
|
|
|
')
|
|
|
|
|
|
|
|
optional_policy(`
|
2010-08-30 14:38:54 +00:00
|
|
|
pcscd_stream_connect(certmonger_t)
|
2010-04-09 17:05:52 +00:00
|
|
|
')
|
2010-10-07 13:06:56 +00:00
|
|
|
|