Nut policy from Dan Walsh

Dropped optional policy for shutdown_domtrans
Dropped commented can_exec line
This commit is contained in:
Jeremy Solt 2010-03-31 15:23:29 -04:00 committed by Chris PeBenito
parent 170a46d6c5
commit f8b3b7fa48

View File

@ -29,7 +29,8 @@ files_pid_file(nut_var_run_t)
# Local policy for upsd
#
allow nut_upsd_t self:capability { setgid setuid };
allow nut_upsd_t self:capability { setgid setuid dac_override };
allow nut_upsd_t self:unix_dgram_socket { create_socket_perms sendto };
allow nut_upsd_t self:tcp_socket connected_stream_socket_perms;
@ -86,6 +87,7 @@ corenet_tcp_connect_generic_port(nut_upsmon_t)
# Creates /etc/killpower
files_manage_etc_runtime_files(nut_upsmon_t)
files_etc_filetrans_etc_runtime(nut_upsmon_t, file)
files_search_usr(nut_upsmon_t)
# /usr/bin/wall
term_write_all_terms(nut_upsmon_t)
@ -100,6 +102,8 @@ auth_use_nsswitch(nut_upsmon_t)
miscfiles_read_localization(nut_upsmon_t)
mta_send_mail(nut_upsmon_t)
########################################
#
# Local policy for upsdrvctl
@ -149,5 +153,15 @@ optional_policy(`
read_files_pattern(httpd_nutups_cgi_script_t, nut_conf_t, nut_conf_t)
corenet_all_recvfrom_unlabeled(httpd_nutups_cgi_script_t)
corenet_all_recvfrom_netlabel(httpd_nutups_cgi_script_t)
corenet_tcp_sendrecv_generic_if(httpd_nutups_cgi_script_t)
corenet_tcp_sendrecv_generic_node(httpd_nutups_cgi_script_t)
corenet_tcp_sendrecv_all_ports(httpd_nutups_cgi_script_t)
corenet_tcp_connect_ups_port(httpd_nutups_cgi_script_t)
corenet_udp_sendrecv_generic_if(httpd_nutups_cgi_script_t)
corenet_udp_sendrecv_generic_node(httpd_nutups_cgi_script_t)
corenet_udp_sendrecv_all_ports(httpd_nutups_cgi_script_t)
sysnet_dns_name_resolve(httpd_nutups_cgi_script_t)
')