selinux-policy/strict/domains/program/unused/backup.te
2005-04-29 17:45:15 +00:00


#DESC Backup - Backup scripts
#
# Author: Russell Coker <russell@coker.com.au>
# X-Debian-Packages: dpkg
#
#################################
#
# Rules for the backup_t domain.
#
# Type declarations and entry points for the backup domain.
#
# backup_t is the process domain. The privlog and auth attributes are defined
# outside this file. NOTE(review): in the example policy of this era, auth is
# believed to mark domains permitted to read the shadow password file and
# privlog those permitted to talk to syslogd - confirm against attrib.te.
type backup_t, domain, privlog, auth;
# Executable type for the backup scripts; used below as the entry point
# into backup_t.
type backup_exec_t, file_type, sysadmfile, exec_type;
# Type for the backup store that backup_t writes into (see the
# backup_store_t rules later in this file).
type backup_store_t, file_type, sysadmfile;
# backup_t is authorised under both the system role and the administrator role.
role system_r types backup_t;
role sysadm_r types backup_t;
# Entry from an administrator session: presumably sysadm_t executing a
# backup_exec_t file transitions into backup_t (macro is defined elsewhere).
# NOTE(review): backup_t can read every file_type object (see the rules
# below), so write access to backup_exec_t files should stay limited to
# trusted domains.
domain_auto_trans(sysadm_t, backup_exec_t, backup_t)
# Allow use of file descriptors passed in from privfd domains.
allow backup_t privfd:fd use;
# The next block is only included when crond.te is part of the build.
# It presumably lets system cron jobs enter backup_t through backup_exec_t,
# and lets system_crond_t itself create and modify files in the backup store.
# NOTE(review): the store holds copies of everything backup_t can read, so
# access to backup_store_t is effectively access to that data.
ifdef(`crond.te', `
system_crond_entry(backup_exec_t, backup_t)
rw_dir_create_file(system_crond_t, backup_store_t)
')
# Access rules for backup_t. Summary of what is visible here: read access to
# all file_type content, stat-only access to device nodes and special files,
# write access to backup_store_t and var_t files, plus outbound networking.
# Macros used below are defined elsewhere and may grant more than is shown.
#
# for SSP (stack-smashing protector; presumably binaries built with it read
# the urandom device at startup)
allow backup_t urandom_device_t:chr_file read;
# Outbound network access, presumably so backups can be sent to a remote host.
# NOTE(review): combined with the read-everything rules below, this domain
# can move any file content off the machine; consider whether network
# access can be narrowed for the deployment.
can_network_client(backup_t)
# Presumably allows NIS (ypbind) lookups.
can_ypbind(backup_t)
# Shared library access for the backup programs.
uses_shlib(backup_t)
allow backup_t devtty_t:chr_file rw_file_perms;
# Directory traversal and listing across every file type and filesystem type.
allow backup_t { file_type fs_type }:dir r_dir_perms;
# Read access to regular files and symlinks of EVERY type that carries the
# file_type attribute. This is the core grant of the domain and is what makes
# backup_t highly privileged from a confidentiality point of view.
allow backup_t file_type:{ file lnk_file } r_file_perms;
# Sockets and FIFOs: getattr only, so they can be recorded but not opened.
allow backup_t file_type:{ sock_file fifo_file } getattr;
# Device nodes: getattr only, so device contents are not readable via these
# rules (the urandom and devtty rules above are the visible exceptions).
allow backup_t { device_t device_type ttyfile }:chr_file getattr;
allow backup_t { device_t device_type }:blk_file getattr;
# File permissions on var_t files. NOTE(review): no matching var_t:dir write
# rule is visible in this file; confirm where the directory access comes from
# and whether this grant is still needed.
allow backup_t var_t:file create_file_perms;
# Read access to proc_t entries and sysctl values.
allow backup_t proc_t:dir r_dir_perms;
allow backup_t proc_t:file r_file_perms;
allow backup_t proc_t:lnk_file { getattr read };
read_sysctl(backup_t)
# Pipes and process control within the domain itself (fork, signal children).
allow backup_t self:fifo_file rw_file_perms;
allow backup_t self:process { signal sigchld fork };
# dac_override lets the process bypass Unix permission bits, so the SELinux
# rules in this file are the only limit on what backup_t can read.
allow backup_t self:capability dac_override;
# Read and write access to the backup store, plus create and setattr on files
# there.
rw_dir_file(backup_t, backup_store_t)
allow backup_t backup_store_t:file { create setattr };
allow backup_t fs_t:filesystem getattr;
allow backup_t self:unix_stream_socket create_socket_perms;
# Helper programs: bin_t executables run without leaving backup_t (assuming
# can_exec grants execute with no domain transition - confirm in the macro
# definitions), so they inherit all of the access above.
can_exec(backup_t, bin_t)
# Only when hostname.te is part of the build.
ifdef(`hostname.te', `can_exec(backup_t, hostname_exec_t)')