rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
462b89a9a5
selinux-policy/policy/modules/services/certmonger.te
Dan Walsh 3235a8bbe6 dontaudit sandbox sending signals to itself. This can happen when they are running at different mcs. 
Disable transition from dbus_session_domain to telepathy for F14
Allow boinc_project to use shm
Allow certmonger to search through directories that contain certs
Allow fail2ban the DAC Override so it can read log files owned by non root users
2010-10-07 09:06:56 -04:00

84 lines
2.1 KiB
Plaintext
Raw Blame History

policy_module(certmonger, 1.0.1)
########################################
#
# Declarations
#
type certmonger_t;
type certmonger_exec_t;
init_daemon_domain(certmonger_t, certmonger_exec_t)
type certmonger_initrc_exec_t;
init_script_file(certmonger_initrc_exec_t)
type certmonger_var_run_t;
files_pid_file(certmonger_var_run_t)
type certmonger_var_lib_t;
files_type(certmonger_var_lib_t)
########################################
#
# certmonger local policy
#
allow certmonger_t self:capability { kill sys_nice };
allow certmonger_t self:process { getsched setsched sigkill };
allow certmonger_t self:fifo_file rw_file_perms;
allow certmonger_t self:unix_stream_socket create_stream_socket_perms;
allow certmonger_t self:tcp_socket create_stream_socket_perms;
allow certmonger_t self:netlink_route_socket r_netlink_socket_perms;
manage_dirs_pattern(certmonger_t, certmonger_var_lib_t, certmonger_var_lib_t)
manage_files_pattern(certmonger_t, certmonger_var_lib_t, certmonger_var_lib_t)
files_var_lib_filetrans(certmonger_t, certmonger_var_lib_t, { file dir })
manage_dirs_pattern(certmonger_t, certmonger_var_run_t, certmonger_var_run_t)
manage_files_pattern(certmonger_t, certmonger_var_run_t, certmonger_var_run_t)
files_pid_filetrans(certmonger_t, certmonger_var_run_t, { file dir })
corenet_tcp_sendrecv_generic_if(certmonger_t)
corenet_tcp_sendrecv_generic_node(certmonger_t)
corenet_tcp_sendrecv_all_ports(certmonger_t)
corenet_tcp_connect_certmaster_port(certmonger_t)
dev_read_urand(certmonger_t)
domain_use_interactive_fds(certmonger_t)
files_read_etc_files(certmonger_t)
files_read_usr_files(certmonger_t)
files_list_tmp(certmonger_t)
logging_send_syslog_msg(certmonger_t)
miscfiles_read_localization(certmonger_t)
miscfiles_manage_generic_cert_files(certmonger_t)
sysnet_dns_name_resolve(certmonger_t)
userdom_search_user_home_content(certmonger_t)
optional_policy(`
apache_search_config(certmonger_t)
')
optional_policy(`
bind_search_cache(certmonger_t)
')
optional_policy(`
dbus_system_bus_client(certmonger_t)
dbus_connect_system_bus(certmonger_t)
')
optional_policy(`
kerberos_use(certmonger_t)
')
optional_policy(`
pcscd_stream_connect(certmonger_t)
')
Reference in New Issue View Git Blame Copy Permalink