0f7c400223
Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible.
74 lines
2.0 KiB
Plaintext
74 lines
2.0 KiB
Plaintext
policy_module(oident, 2.1.0)
|
|
|
|
########################################
|
|
#
|
|
# Oident daemon private declarations
|
|
#
|
|
|
|
type oidentd_t;
|
|
type oidentd_exec_t;
|
|
init_daemon_domain(oidentd_t, oidentd_exec_t)
|
|
|
|
type oidentd_home_t;
|
|
typealias oidentd_home_t alias { oidentd_user_content_t oidentd_staff_content_t oidentd_sysadm_content_t };
|
|
typealias oidentd_home_t alias { oidentd_secadm_content_t oidentd_auditadm_content_t };
|
|
userdom_user_home_content(oidentd_home_t)
|
|
|
|
type oidentd_initrc_exec_t;
|
|
init_script_file(oidentd_initrc_exec_t)
|
|
|
|
type oidentd_config_t;
|
|
files_config_file(oidentd_config_t)
|
|
|
|
########################################
|
|
#
|
|
# Oident daemon private policy
|
|
#
|
|
|
|
allow oidentd_t self:capability { setuid setgid };
|
|
allow oidentd_t self:netlink_route_socket create_netlink_socket_perms;
|
|
allow oidentd_t self:netlink_tcpdiag_socket create_netlink_socket_perms;
|
|
allow oidentd_t self:tcp_socket create_stream_socket_perms;
|
|
allow oidentd_t self:udp_socket create_socket_perms;
|
|
allow oidentd_t self:unix_dgram_socket { create connect };
|
|
|
|
allow oidentd_t oidentd_config_t:file read_file_perms;
|
|
|
|
corenet_all_recvfrom_unlabeled(oidentd_t)
|
|
corenet_all_recvfrom_netlabel(oidentd_t)
|
|
corenet_tcp_sendrecv_generic_if(oidentd_t)
|
|
corenet_tcp_sendrecv_generic_node(oidentd_t)
|
|
corenet_tcp_bind_generic_node(oidentd_t)
|
|
corenet_tcp_bind_auth_port(oidentd_t)
|
|
corenet_sendrecv_auth_server_packets(oidentd_t)
|
|
|
|
files_read_etc_files(oidentd_t)
|
|
|
|
kernel_read_kernel_sysctls(oidentd_t)
|
|
kernel_read_network_state(oidentd_t)
|
|
kernel_read_network_state_symlinks(oidentd_t)
|
|
kernel_read_sysctl(oidentd_t)
|
|
kernel_request_load_module(oidentd_t)
|
|
|
|
logging_send_syslog_msg(oidentd_t)
|
|
|
|
miscfiles_read_localization(oidentd_t)
|
|
|
|
sysnet_read_config(oidentd_t)
|
|
|
|
oident_read_user_content(oidentd_t)
|
|
|
|
optional_policy(`
|
|
nis_use_ypbind(oidentd_t)
|
|
')
|
|
|
|
tunable_policy(`use_samba_home_dirs', `
|
|
fs_list_cifs(oidentd_t)
|
|
fs_read_cifs_files(oidentd_t)
|
|
')
|
|
|
|
tunable_policy(`use_nfs_home_dirs', `
|
|
fs_list_nfs(oidentd_t)
|
|
fs_read_nfs_files(oidentd_t)
|
|
')
|