7d1f5642b0
Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible.
74 lines
1.6 KiB
Plaintext
74 lines
1.6 KiB
Plaintext
policy_module(uptime, 1.4.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type uptimed_t;
|
|
type uptimed_exec_t;
|
|
init_daemon_domain(uptimed_t, uptimed_exec_t)
|
|
|
|
type uptimed_etc_t alias etc_uptimed_t;
|
|
files_config_file(uptimed_etc_t)
|
|
|
|
type uptimed_spool_t;
|
|
files_type(uptimed_spool_t)
|
|
|
|
type uptimed_var_run_t;
|
|
files_pid_file(uptimed_var_run_t)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
dontaudit uptimed_t self:capability sys_tty_config;
|
|
allow uptimed_t self:process signal_perms;
|
|
allow uptimed_t self:fifo_file write_fifo_file_perms;
|
|
|
|
allow uptimed_t uptimed_etc_t:file read_file_perms;
|
|
files_search_etc(uptimed_t)
|
|
|
|
allow uptimed_t uptimed_spool_t:file manage_file_perms;
|
|
|
|
manage_files_pattern(uptimed_t, uptimed_var_run_t, uptimed_var_run_t)
|
|
files_pid_filetrans(uptimed_t, uptimed_var_run_t, file)
|
|
|
|
manage_dirs_pattern(uptimed_t, uptimed_spool_t, uptimed_spool_t)
|
|
manage_files_pattern(uptimed_t, uptimed_spool_t, uptimed_spool_t)
|
|
files_spool_filetrans(uptimed_t, uptimed_spool_t, { dir file })
|
|
|
|
kernel_read_system_state(uptimed_t)
|
|
kernel_read_kernel_sysctls(uptimed_t)
|
|
|
|
corecmd_exec_shell(uptimed_t)
|
|
|
|
dev_read_sysfs(uptimed_t)
|
|
|
|
domain_use_interactive_fds(uptimed_t)
|
|
|
|
files_read_etc_runtime_files(uptimed_t)
|
|
|
|
fs_getattr_all_fs(uptimed_t)
|
|
fs_search_auto_mountpoints(uptimed_t)
|
|
|
|
logging_send_syslog_msg(uptimed_t)
|
|
|
|
miscfiles_read_localization(uptimed_t)
|
|
|
|
userdom_dontaudit_use_unpriv_user_fds(uptimed_t)
|
|
userdom_dontaudit_search_user_home_dirs(uptimed_t)
|
|
|
|
optional_policy(`
|
|
mta_send_mail(uptimed_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
seutil_sigchld_newrole(uptimed_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
udev_read_db(uptimed_t)
|
|
')
|