Point to Point Protocol daemon creates links in ppp networks

######################################## ##

## Use PPP file discriptors. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_use_fds',` gen_require(` type pppd_t; ') allow $1 pppd_t:fd use; ') ######################################## ##

## Do not audit attempts to inherit ## and use PPP file discriptors. ##

## ##

## Domain to not audit. ##

## # interface(`ppp_dontaudit_use_fds',` gen_require(` type pppd_t; ') dontaudit $1 pppd_t:fd use; ') ######################################## ##

## Send a SIGCHLD signal to PPP. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_sigchld',` gen_require(` type pppd_t; ') allow $1 pppd_t:process sigchld; ') ######################################## ##

## Send a generic signal to PPP. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_signal',` gen_require(` type pppd_t; ') allow $1 pppd_t:process signal; ') ######################################## ##

## Execute domain in the ppp domain. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_domtrans',` gen_require(` type pppd_t, pppd_exec_t; ') corecmd_search_sbin($1) domain_auto_trans($1, pppd_exec_t, pppd_t) allow $1 pppd_t:fd use; allow pppd_t $1:fd use; allow pppd_t $1:fifo_file rw_file_perms; allow pppd_t $1:process sigchld; ') ######################################## ##

## Conditionally execute ppp daemon on behalf of a user or staff type. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_run_cond',` gen_require(` type pppd_t; ') role $2 types pppd_t; tunable_policy(`pppd_for_user',` ppp_domtrans($1) allow pppd_t $3:chr_file rw_term_perms; ') ') ######################################## ##

## Unconditionally execute ppp daemon on behalf of a user or staff type. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_run',` gen_require(` type pppd_t; ') ppp_domtrans($1) role $2 types pppd_t; allow pppd_t $3:chr_file rw_term_perms; ') ######################################## ##

## Execute domain in the ppp caller. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_exec',` gen_require(` type pppd_exec_t; ') corecmd_search_sbin($1) can_exec($1, pppd_exec_t) ') ######################################## ##

## Read PPP-writable configuration files. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_read_rw_config',` gen_require(` type pppd_etc_t, pppd_etc_rw_t; ') allow $1 pppd_etc_t:dir list_dir_perms; allow $1 pppd_etc_rw_t:file { getattr read }; files_search_etc($1) ') ######################################## ##

## Read PPP secrets. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_read_secrets',` gen_require(` type pppd_etc_t, pppd_secret_t; ') allow $1 pppd_etc_t:dir list_dir_perms; allow $1 pppd_secret_t:file { getattr read }; files_search_etc($1) ') ######################################## ##

## Create, read, write, and delete PPP pid files. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_manage_pid_files',` gen_require(` type pppd_var_run_t; ') allow $1 pppd_var_run_t:file manage_file_perms; ') ######################################## ##

## Create, read, write, and delete PPP pid files. ##

## ##

## Domain allowed access. ##

## # interface(`ppp_pid_filetrans',` gen_require(` type pppd_var_run_t; ') files_pid_filetrans($1,pppd_var_run_t,file) ')