33 lines
929 B
Plaintext
33 lines
929 B
Plaintext
|
|
|
|
daemon_base_domain(ciped)
|
|
|
|
# for SSP
|
|
allow ciped_t urandom_device_t:chr_file read;
|
|
|
|
type cipe_port_t, port_type;
|
|
|
|
can_network_udp(ciped_t)
|
|
can_ypbind(ciped_t)
|
|
allow ciped_t cipe_port_t:udp_socket name_bind;
|
|
|
|
allow ciped_t devpts_t:dir search;
|
|
allow ciped_t devtty_t:chr_file { read write };
|
|
allow ciped_t etc_runtime_t:file { getattr read };
|
|
allow ciped_t etc_t:file { getattr read };
|
|
allow ciped_t proc_t:file { getattr read };
|
|
allow ciped_t { bin_t sbin_t }:dir { getattr search read };
|
|
allow ciped_t bin_t:lnk_file read;
|
|
can_exec(ciped_t, { bin_t ciped_exec_t shell_exec_t })
|
|
allow ciped_t self:fifo_file rw_file_perms;
|
|
|
|
read_locale(ciped_t)
|
|
|
|
allow ciped_t self:capability { net_admin ipc_lock sys_tty_config };
|
|
allow ciped_t self:unix_dgram_socket create_socket_perms;
|
|
allow ciped_t self:unix_stream_socket create_socket_perms;
|
|
|
|
allow ciped_t random_device_t:chr_file { getattr read };
|
|
|
|
dontaudit ciped_t var_t:dir search;
|