## <summary>Internet services daemon.</summary>

########################################
## <summary>
##	Define the specified domain as an inetd service.
## </summary>
## <desc>
##	Define the specified domain as an inetd service.  The
##	inetd_service_domain(), inetd_tcp_service_domain(),
##	or inetd_udp_service_domain() interfaces should be used
##	instead of this interface, as this interface only provides
##	the common rules to these three interfaces.
## </desc>
## <param name="domain">
##	The type associated with the inetd service process.
## </param>
## <param name="entrypoint">
##	The type associated with the process program.
## </param>
#
interface(`inetd_core_service_domain',`
	# Maintainer note: comments inside this quoted m4 body must not
	# contain quote characters, since m4 still pairs them up here.

	# Names this interface expects the including policy to provide:
	# the inetd_t type, the system_r role, and the permissions used below.
	gen_require(`
		type inetd_t;
		role system_r;
		class fd use;
		class fifo_file rw_file_perms;
		class process { sigchld sigkill };
	')

	# Both macros are defined outside this file.  Going by the parameter
	# documentation above, the first argument is the service process type
	# and the second is the type of its program file.
	domain_type($1)
	domain_entry_file($1,$2)

	# Authorize the service type for the system_r role.
	role system_r types $1;

	# Macro defined outside this file; presumably sets up the automatic
	# transition from inetd_t into the service domain when inetd runs a
	# file of the entrypoint type.  Confirm against its definition.
	domain_auto_trans(inetd_t,$2,$1)

	# File descriptors may be used in both directions between inetd and
	# the service.
	# NOTE(review): the rules below are keyed on the inetd_t label, so
	# they cover every fd and pipe carrying that label, not only the
	# ones handed to this particular service.
	allow $1 inetd_t:fd use;
	allow inetd_t $1:fd use;
	allow $1 inetd_t:fifo_file rw_file_perms;

	# Signals: the service may send SIGCHLD to inetd, and inetd may send
	# SIGKILL to the service.  No other signal is granted here.
	allow $1 inetd_t:process sigchld;
	allow inetd_t $1:process sigkill;
')

########################################
## <summary>
##	Define the specified domain as a TCP inetd service.
## </summary>
## <param name="domain">
##	The type associated with the inetd service process.
## </param>
## <param name="entrypoint">
##	The type associated with the process program.
## </param>
#
interface(`inetd_tcp_service_domain',`
	gen_require(`
		type inetd_t;
		class tcp_socket rw_stream_socket_perms;
	')

	# Common inetd service rules (transition, fds, pipes, signals).
	inetd_core_service_domain($1,$2)

	# The service works on TCP sockets that carry the inetd_t label;
	# presumably these are the sockets inetd created and passed on.
	# The permission set macro is defined outside this file.
	# NOTE(review): this applies to any tcp_socket labeled inetd_t.
	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
')

########################################
## <summary>
##	Define the specified domain as a UDP inetd service.
## </summary>
## <param name="domain">
##	The type associated with the inetd service process.
## </param>
## <param name="entrypoint">
##	The type associated with the process program.
## </param>
#
interface(`inetd_udp_service_domain',`
	gen_require(`
		type inetd_t;
		class udp_socket rw_socket_perms;
	')

	# Common inetd service rules (transition, fds, pipes, signals).
	inetd_core_service_domain($1,$2)

	# The service works on UDP sockets that carry the inetd_t label.
	# The permission set macro is defined outside this file.
	# NOTE(review): this applies to any udp_socket labeled inetd_t.
	allow $1 inetd_t:udp_socket rw_socket_perms;
')

########################################
## <summary>
##	Define the specified domain as a TCP and UDP inetd service.
## </summary>
## <param name="domain">
##	The type associated with the inetd service process.
## </param>
## <param name="entrypoint">
##	The type associated with the process program.
## </param>
#
interface(`inetd_service_domain',`
	gen_require(`
		type inetd_t;
		class tcp_socket rw_stream_socket_perms;
		class udp_socket rw_socket_perms;
	')

	# Common inetd service rules (transition, fds, pipes, signals).
	inetd_core_service_domain($1,$2)

	# Grants both socket classes at once.  A service that only speaks one
	# protocol gets a narrower policy from the TCP-only or UDP-only
	# interface in this file.
	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
	allow $1 inetd_t:udp_socket rw_socket_perms;
')

########################################
## <summary>
##	Connect to the inetd service using a TCP connection.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`inetd_tcp_connectto',`
	gen_require(`
		type inetd_t;
		class tcp_socket { connectto acceptfrom recvfrom };
	')

	# Client side: the caller may connect to, and receive from, TCP
	# sockets labeled inetd_t.
	allow $1 inetd_t:tcp_socket { connectto recvfrom };
	# Server side: inetd may accept from, and receive from, TCP sockets
	# labeled with the caller domain.
	# NOTE(review): confirm that connectto, acceptfrom and recvfrom are
	# still defined for tcp_socket in the policy version being built.
	allow inetd_t $1:tcp_socket { acceptfrom recvfrom };

	# The two rules below are disabled in the source and no reason is
	# given.  kernel_t is not listed in gen_require above, so enabling
	# them would also need that requirement added.
	#allow inetd_t kernel_t:tcp_socket recvfrom;
	#allow $1 kernel_t:tcp_socket recvfrom;
')