policy_module(vnstatd, 1.0.0) ######################################## # # Declarations # type vnstatd_t; type vnstatd_exec_t; init_daemon_domain(vnstatd_t, vnstatd_exec_t) permissive vnstatd_t; type vnstatd_var_lib_t; files_type(vnstatd_var_lib_t) type vnstat_t; type vnstat_exec_t; application_domain(vnstat_t, vnstat_exec_t) cron_system_entry(vnstat_t, vnstat_exec_t) ######################################## # # vnstatd local policy # allow vnstatd_t self:process { fork signal }; allow vnstatd_t self:fifo_file rw_fifo_file_perms; allow vnstatd_t self:unix_stream_socket create_stream_socket_perms; manage_dirs_pattern(vnstatd_t, vnstatd_var_lib_t, vnstatd_var_lib_t) manage_files_pattern(vnstatd_t, vnstatd_var_lib_t, vnstatd_var_lib_t) files_var_lib_filetrans(vnstatd_t, vnstatd_var_lib_t, { dir file }) domain_use_interactive_fds(vnstatd_t) files_read_etc_files(vnstatd_t) logging_send_syslog_msg(vnstatd_t) miscfiles_read_localization(vnstatd_t) ######################################## # # vnstat local policy # allow vnstat_t self:process signal; allow vnstat_t self:fifo_file rw_fifo_file_perms; allow vnstat_t self:unix_stream_socket create_stream_socket_perms; manage_dirs_pattern(vnstat_t, vnstatd_var_lib_t, vnstatd_var_lib_t) manage_files_pattern(vnstat_t, vnstatd_var_lib_t, vnstatd_var_lib_t) files_var_lib_filetrans(vnstat_t, vnstatd_var_lib_t, { dir file }) kernel_read_network_state(vnstat_t) kernel_read_system_state(vnstat_t) domain_use_interactive_fds(vnstat_t) files_read_etc_files(vnstat_t) fs_getattr_xattr_fs(vnstat_t) logging_send_syslog_msg(vnstat_t) miscfiles_read_localization(vnstat_t)