27 lines
815 B
Plaintext
27 lines
815 B
Plaintext
|
#DESC Sound - Sound utilities
|
||
|
#
|
||
|
# Authors: Mark Westerman <mark.westerman@.com>
|
||
|
# X-Debian-Packages: esound
|
||
|
#
|
||
|
#################################
|
||
|
#
|
||
|
# Rules for the sound_t domain.
|
||
|
#
|
||
|
daemon_base_domain(sound)
|
||
|
type sound_file_t, file_type, sysadmfile;
|
||
|
allow initrc_t sound_file_t:file { getattr read };
|
||
|
allow sound_t sound_file_t:file rw_file_perms;
|
||
|
|
||
|
# Use capabilities.
|
||
|
# Commented out by default.
|
||
|
#allow sound_t self:capability { sys_admin sys_rawio sys_time dac_override };
|
||
|
dontaudit sound_t self:capability { sys_admin sys_rawio sys_time dac_read_search dac_override };
|
||
|
|
||
|
# Read and write the sound device.
|
||
|
allow sound_t sound_device_t:chr_file rw_file_perms;
|
||
|
|
||
|
# Read and write ttys.
|
||
|
allow sound_t sysadm_tty_device_t:chr_file rw_file_perms;
|
||
|
read_locale(sound_t)
|
||
|
allow initrc_t sound_file_t:file { setattr write };
|