190 lines
3.0 KiB
Plaintext
190 lines
3.0 KiB
Plaintext
|
|
policy_module(auditadm, 2.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
role auditadm_r;
|
|
|
|
userdom_unpriv_user_template(auditadm)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
allow auditadm_t self:capability { dac_read_search dac_override };
|
|
|
|
corecmd_exec_shell(auditadm_t)
|
|
|
|
domain_kill_all_domains(auditadm_t)
|
|
|
|
logging_send_syslog_msg(auditadm_t)
|
|
logging_read_generic_logs(auditadm_t)
|
|
logging_manage_audit_log(auditadm_t)
|
|
logging_manage_audit_config(auditadm_t)
|
|
logging_run_auditctl(auditadm_t, auditadm_r)
|
|
logging_run_auditd(auditadm_t, auditadm_r)
|
|
|
|
seutil_run_runinit(auditadm_t, auditadm_r)
|
|
seutil_read_bin_policy(auditadm_t)
|
|
|
|
optional_policy(`
|
|
apache_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
auth_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
bluetooth_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
cdrecord_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
consoletype_exec(auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
cron_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
dbus_role_template(auditadm, auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
dmesg_exec(auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
ethereal_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
evolution_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
games_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
gift_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
gpg_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
gnome_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
irc_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
java_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
lockdev_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
lpd_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
mozilla_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
mplayer_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
mta_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
oident_manage_user_content(auditadm_t)
|
|
oident_relabel_user_content(auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
pyzor_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
razor_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
rssh_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
screen_role_template(auditadm, auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
spamassassin_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
ssh_role_template(auditadm, auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
secadm_role_change(auditadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
su_role_template(auditadm, auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
sudo_role_template(auditadm, auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
sysadm_role_change(auditadm_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
thunderbird_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
tvtime_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
userhelper_role_template(auditadm, auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
vmware_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
wireshark_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
uml_role(auditadm_r, auditadm_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
xserver_role(auditadm_r, auditadm_t)
|
|
')
|