From b3416a37627972261115e0f5418657887503a6d8 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 10 May 2005 20:06:19 +0000
Subject: [PATCH] initial commit
---
refpolicy/policy/modules/admin/consoletype.fc | 3 +++
refpolicy/policy/modules/admin/netutils.fc | 14 ++++++++++++++
refpolicy/policy/modules/apps/gpg.fc | 10 ++++++++++
refpolicy/policy/modules/services/mta.fc | 19 +++++++++++++++++++
refpolicy/policy/modules/system/clock.fc | 6 ++++++
refpolicy/policy/modules/system/hostname.fc | 3 +++
6 files changed, 55 insertions(+)
create mode 100644 refpolicy/policy/modules/admin/consoletype.fc
create mode 100644 refpolicy/policy/modules/admin/netutils.fc
create mode 100644 refpolicy/policy/modules/apps/gpg.fc
create mode 100644 refpolicy/policy/modules/services/mta.fc
create mode 100644 refpolicy/policy/modules/system/clock.fc
create mode 100644 refpolicy/policy/modules/system/hostname.fc
diff --git a/refpolicy/policy/modules/admin/consoletype.fc b/refpolicy/policy/modules/admin/consoletype.fc
new file mode 100644
index 00000000..cf7eb6e5
--- /dev/null
+++ b/refpolicy/policy/modules/admin/consoletype.fc
@@ -0,0 +1,3 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/sbin/consoletype -- system_u:object_r:consoletype_exec_t
diff --git a/refpolicy/policy/modules/admin/netutils.fc b/refpolicy/policy/modules/admin/netutils.fc
new file mode 100644
index 00000000..30e46975
--- /dev/null
+++ b/refpolicy/policy/modules/admin/netutils.fc
@@ -0,0 +1,14 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/bin/ping.* -- system_u:object_r:ping_exec_t
+/bin/traceroute.* -- system_u:object_r:traceroute_exec_t
+
+/sbin/arping -- system_u:object_r:netutils_exec_t
+
+/usr/bin/lft -- system_u:object_r:traceroute_exec_t
+/usr/bin/nmap -- system_u:object_r:traceroute_exec_t
+/usr/bin/traceroute.* -- system_u:object_r:traceroute_exec_t
+
+/usr/sbin/traceroute.* -- system_u:object_r:traceroute_exec_t
+/usr/sbin/hping2 -- system_u:object_r:ping_exec_t
+/usr/sbin/tcpdump -- system_u:object_r:netutils_exec_t
diff --git a/refpolicy/policy/modules/apps/gpg.fc b/refpolicy/policy/modules/apps/gpg.fc
new file mode 100644
index 00000000..bbcec5b2
--- /dev/null
+++ b/refpolicy/policy/modules/apps/gpg.fc
@@ -0,0 +1,10 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/usr/bin/gpg -- system_u:object_r:gpg_exec_t
+/usr/bin/gpg-agent -- system_u:object_r:gpg_agent_exec_t
+/usr/bin/kgpg -- system_u:object_r:gpg_exec_t
+/usr/bin/pinentry.* -- system_u:object_r:pinentry_exec_t
+
+/usr/lib/gnupg/gpgkeys.* -- system_u:object_r:gpg_helper_exec_t
+
+#HOME_DIR/\.gnupg(/.+)? system_u:object_r:ROLE_gpg_secret_t
diff --git a/refpolicy/policy/modules/services/mta.fc b/refpolicy/policy/modules/services/mta.fc
new file mode 100644
index 00000000..127ef068
--- /dev/null
+++ b/refpolicy/policy/modules/services/mta.fc
@@ -0,0 +1,19 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/etc/aliases -- system_u:object_r:etc_aliases_t
+/etc/aliases\.db -- system_u:object_r:etc_aliases_t
+
+/usr/lib(64)?/sendmail -- system_u:object_r:sendmail_exec_t
+
+/usr/sbin/sendmail(.sendmail)? -- system_u:object_r:sendmail_exec_t
+
+/var/mail(/.*)? system_u:object_r:mail_spool_t
+
+/var/spool/(client)?mqueue(/.*)? system_u:object_r:mqueue_spool_t
+
+/var/spool/mail(/.*)? system_u:object_r:mail_spool_t
+
+ifdef(`postfix.te', `', `
+/usr/sbin/sendmail.postfix -- system_u:object_r:sendmail_exec_t
+/var/spool/postfix(/.*)? system_u:object_r:mail_spool_t
+')
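Review bot: In netutils.fc, `/usr/bin/nmap` and `/usr/bin/lft` are labelled `traceroute_exec_t` and `/usr/sbin/hping2` is labelled `ping_exec_t`, so each of those entry-point types is shared by tools with quite different network needs. The type-enforcement rules are not part of this patch, but presumably the traceroute and ping domains then have to be granted whatever the most capable binary in the group requires, which works against least privilege for plain `ping` and `traceroute`. Either give these tools their own exec types or record the decision next to the entries, e.g. `# nmap/lft reuse the traceroute domain; hping2 reuses the ping domain`. The open-ended patterns `/bin/ping.*` and `/bin/traceroute.*` also label any file whose name merely starts with that prefix; if only known variants are intended, listing them explicitly would be tighter.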
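Review bot: In gpg.fc the only entry that covers key material, `#HOME_DIR/\.gnupg(/.+)? system_u:object_r:ROLE_gpg_secret_t`, is commented out with no explanation. As committed, this file labels the gpg executables but assigns no dedicated type to `~/.gnupg`, so the secret keyring keeps whatever label home-directory content gets by default. Add a comment above the line stating why it is disabled and what must exist before it is enabled, e.g. `# disabled until HOME_DIR/ROLE expansion is supported` (presumably the reason; please confirm). The prefix patterns `/usr/bin/pinentry.*` and `/usr/lib/gnupg/gpgkeys.*` deserve a short comment naming the variants they are meant to match.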
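Review bot: In mta.fc the dot in `/usr/sbin/sendmail(.sendmail)?` and in `/usr/sbin/sendmail.postfix` is unescaped, so it matches any character, whereas `/etc/aliases\.db` a few lines above escapes it. Write `/usr/sbin/sendmail(\.sendmail)?` and `/usr/sbin/sendmail\.postfix` so `sendmail_exec_t` only lands on the intended file names. The `ifdef` block with an empty second argument is easy to misread; a comment such as `# only when the postfix module is not built` would make the intent clear. That fallback also labels everything under `/var/spool/postfix` as `mail_spool_t`, which is probably broader than the mail queue itself.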
diff --git a/refpolicy/policy/modules/system/clock.fc b/refpolicy/policy/modules/system/clock.fc
new file mode 100644
index 00000000..1783155e
--- /dev/null
+++ b/refpolicy/policy/modules/system/clock.fc
@@ -0,0 +1,6 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/etc/adjtime -- system_u:object_r:adjtime_t
+
+/sbin/hwclock -- system_u:object_r:hwclock_exec_t
+
diff --git a/refpolicy/policy/modules/system/hostname.fc b/refpolicy/policy/modules/system/hostname.fc
new file mode 100644
index 00000000..32484113
--- /dev/null
+++ b/refpolicy/policy/modules/system/hostname.fc
@@ -0,0 +1,3 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/bin/hostname -- system_u:object_r:hostname_exec_t