add hddtemp from dan.
parent
aac56b12b7
commit
aa83007d5a
|
@ -8,6 +8,8 @@
|
||||||
- Fix infrastructure to expand macros in initrc_context when installing.
|
- Fix infrastructure to expand macros in initrc_context when installing.
|
||||||
- Handle unix_chkpwd usage by useradd and groupadd.
|
- Handle unix_chkpwd usage by useradd and groupadd.
|
||||||
- Add missing compatibility aliases for xdm_xserver*_t types.
|
- Add missing compatibility aliases for xdm_xserver*_t types.
|
||||||
|
- Added modules:
|
||||||
|
hddtemp (Dan Walsh)
|
||||||
|
|
||||||
* Thu Jul 30 2009 Chris PeBenito <selinux@tresys.com> - 2.20090730
|
* Thu Jul 30 2009 Chris PeBenito <selinux@tresys.com> - 2.20090730
|
||||||
- Gentoo fixes for init scripts and system startup.
|
- Gentoo fixes for init scripts and system startup.
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(corenetwork, 1.12.0)
|
policy_module(corenetwork, 1.12.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -102,6 +102,7 @@ network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
|
||||||
network_port(giftd, tcp,1213,s0)
|
network_port(giftd, tcp,1213,s0)
|
||||||
network_port(gopher, tcp,70,s0, udp,70,s0)
|
network_port(gopher, tcp,70,s0, udp,70,s0)
|
||||||
network_port(gpsd, tcp,2947,s0)
|
network_port(gpsd, tcp,2947,s0)
|
||||||
|
network_port(hddtemp, tcp,7634,s0)
|
||||||
network_port(howl, tcp,5335,s0, udp,5353,s0)
|
network_port(howl, tcp,5335,s0, udp,5353,s0)
|
||||||
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
|
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
|
||||||
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
|
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
/etc/rc\.d/init\.d/hddtemp -- gen_context(system_u:object_r:hddtemp_initrc_exec_t,s0)
|
||||||
|
|
||||||
|
/usr/sbin/hddtemp -- gen_context(system_u:object_r:hddtemp_exec_t,s0)
|
|
@ -0,0 +1,38 @@
|
||||||
|
## <summary>hddtemp hard disk temperature tool running as a daemon</summary>
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
## <summary>
|
||||||
|
## Execute hddtemp in the hddtemp domain.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`hddtemp_domtrans',`
|
||||||
|
gen_require(`
|
||||||
|
type hddtemp_t, hddtemp_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
corecmd_search_bin($1)
|
||||||
|
domtrans_pattern($1, hddtemp_exec_t, hddtemp_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
######################################
|
||||||
|
## <summary>
|
||||||
|
## Execute hddtemp
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`hddtemp_exec',`
|
||||||
|
gen_require(`
|
||||||
|
type hddtemp_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
can_exec($1, hddtemp_exec_t)
|
||||||
|
')
|
|
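Review bot: `hddtemp_exec` grants `can_exec($1, hddtemp_exec_t)` without the `corecmd_search_bin($1)` call that `hddtemp_domtrans` makes first, so a caller that cannot already search the bin directories would presumably still be denied on the path lookup for /usr/sbin/hddtemp. Adding `corecmd_search_bin($1)` before the `can_exec` line would keep the two interfaces consistent. The summary `Execute hddtemp` could also state that the program runs in the caller's domain, for example `## Execute hddtemp in the caller domain.`, so it is not confused with the domain-transition interface.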
@ -0,0 +1,38 @@
|
||||||
|
|
||||||
|
policy_module(hddtemp, 1.0.0)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Declarations
|
||||||
|
#
|
||||||
|
|
||||||
|
type hddtemp_t;
|
||||||
|
type hddtemp_exec_t;
|
||||||
|
init_daemon_domain(hddtemp_t, hddtemp_exec_t)
|
||||||
|
|
||||||
|
type hddtemp_initrc_exec_t;
|
||||||
|
init_script_file(hddtemp_initrc_exec_t)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# hddtemp local policy
|
||||||
|
#
|
||||||
|
|
||||||
|
allow hddtemp_t self:capability sys_rawio;
|
||||||
|
dontaudit hddtemp_t self:capability sys_admin;
|
||||||
|
allow hddtemp_t self:netlink_route_socket r_netlink_socket_perms;
|
||||||
|
allow hddtemp_t self:tcp_socket create_stream_socket_perms;
|
||||||
|
allow hddtemp_t self:udp_socket create_socket_perms;
|
||||||
|
|
||||||
|
corenet_tcp_bind_all_nodes(hddtemp_t)
|
||||||
|
corenet_tcp_bind_hddtemp_port(hddtemp_t)
|
||||||
|
|
||||||
|
# read hddtemp db file
|
||||||
|
files_read_usr_files(hddtemp_t)
|
||||||
|
|
||||||
|
storage_raw_read_fixed_disk(hddtemp_t)
|
||||||
|
|
||||||
|
logging_send_syslog_msg(hddtemp_t)
|
||||||
|
|
||||||
|
miscfiles_read_localization(hddtemp_t)
|
||||||
|
|
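Review bot: The local policy gives a daemon that listens on TCP (`corenet_tcp_bind_all_nodes`, `corenet_tcp_bind_hddtemp_port`) both `sys_rawio` and `storage_raw_read_fixed_disk`, yet only the `files_read_usr_files` line has a comment saying why it is there. A short why-comment above those two rules, such as `# raw disk access for reading drive temperature data (confirm)`, and another on the `dontaudit hddtemp_t self:capability sys_admin;` line, would let a later reviewer judge whether this access is still the minimum required. `allow hddtemp_t self:udp_socket create_socket_perms;` has no matching UDP bind or port rule in this section, and the port declared for hddtemp elsewhere in the commit is TCP only, so it looks broader than needed; confirm it is required or drop it.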