51 lines
1.3 KiB
Plaintext
51 lines
1.3 KiB
Plaintext
#DESC X print server
|
|
#
|
|
# Author: Russell Coker <russell@coker.com.au>
|
|
# X-Debian-Packages: xprt-xprintorg
|
|
#
|
|
|
|
#################################
|
|
#
|
|
# Rules for the xprint_t domain.
|
|
#
|
|
# xprint_exec_t is the type of the xprint executable.
|
|
#
|
|
daemon_domain(xprint)
|
|
|
|
allow initrc_t readable_t:dir r_dir_perms;
|
|
allow initrc_t fonts_t:dir r_dir_perms;
|
|
|
|
allow xprint_t var_lib_t:dir search;
|
|
allow xprint_t fonts_t:dir r_dir_perms;
|
|
allow xprint_t fonts_t:file { getattr read };
|
|
|
|
allow xprint_t { bin_t sbin_t }:dir search;
|
|
can_exec(xprint_t, { bin_t sbin_t ls_exec_t shell_exec_t })
|
|
allow xprint_t bin_t:lnk_file { getattr read };
|
|
|
|
allow xprint_t tmp_t:dir { getattr search };
|
|
ifdef(`xdm.te', `
|
|
allow xprint_t xdm_xserver_tmp_t:dir rw_dir_perms;
|
|
allow xprint_t xdm_xserver_tmp_t:sock_file create_file_perms;
|
|
')
|
|
|
|
# Use the network.
|
|
can_network_server(xprint_t)
|
|
can_ypbind(xprint_t)
|
|
allow xprint_t self:fifo_file rw_file_perms;
|
|
allow xprint_t self:unix_stream_socket create_stream_socket_perms;
|
|
|
|
allow xprint_t proc_t:file { getattr read };
|
|
allow xprint_t self:file { getattr read };
|
|
|
|
# read config files
|
|
allow xprint_t { etc_t etc_runtime_t }:file { getattr read };
|
|
ifdef(`cups.te', `
|
|
allow xprint_t cupsd_etc_t:dir search;
|
|
allow xprint_t cupsd_etc_t:file { getattr read };
|
|
')
|
|
|
|
r_dir_file(xprint_t, usr_t)
|
|
|
|
allow xprint_t urandom_device_t:chr_file { getattr read };
|