selinux-policy/policy/modules/services/ntop.te
Dominick Grift 18f2a72d7f Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-23 14:59:23 +02:00

115 lines
3.0 KiB
Plaintext

policy_module(ntop, 1.9.0)
########################################
#
# Declarations
#
type ntop_t;
type ntop_exec_t;
init_daemon_domain(ntop_t, ntop_exec_t)
application_domain(ntop_t, ntop_exec_t)
type ntop_initrc_exec_t;
init_script_file(ntop_initrc_exec_t)
type ntop_etc_t;
files_config_file(ntop_etc_t)
type ntop_tmp_t;
files_tmp_file(ntop_tmp_t)
type ntop_var_lib_t;
files_type(ntop_var_lib_t)
type ntop_var_run_t;
files_pid_file(ntop_var_run_t)
########################################
#
# Local Policy
#
allow ntop_t self:capability { net_raw setgid setuid sys_admin net_admin };
dontaudit ntop_t self:capability sys_tty_config;
allow ntop_t self:process signal_perms;
allow ntop_t self:fifo_file rw_fifo_file_perms;
allow ntop_t self:tcp_socket create_stream_socket_perms;
allow ntop_t self:udp_socket create_socket_perms;
allow ntop_t self:unix_dgram_socket create_socket_perms;
allow ntop_t self:unix_stream_socket create_stream_socket_perms;
allow ntop_t self:packet_socket create_socket_perms;
allow ntop_t self:socket create_socket_perms;
allow ntop_t ntop_etc_t:dir list_dir_perms;
read_files_pattern(ntop_t, ntop_etc_t, ntop_etc_t)
read_lnk_files_pattern(ntop_t, ntop_etc_t, ntop_etc_t)
manage_dirs_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t)
manage_files_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t)
files_tmp_filetrans(ntop_t, ntop_tmp_t, { file dir })
manage_dirs_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
manage_files_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
files_var_lib_filetrans(ntop_t, ntop_var_lib_t, { file dir })
manage_files_pattern(ntop_t, ntop_var_run_t, ntop_var_run_t)
files_pid_filetrans(ntop_t, ntop_var_run_t, file)
kernel_request_load_module(ntop_t)
kernel_read_system_state(ntop_t)
kernel_read_network_state(ntop_t)
kernel_read_kernel_sysctls(ntop_t)
kernel_list_proc(ntop_t)
kernel_read_proc_symlinks(ntop_t)
corenet_all_recvfrom_unlabeled(ntop_t)
corenet_all_recvfrom_netlabel(ntop_t)
corenet_tcp_sendrecv_generic_if(ntop_t)
corenet_udp_sendrecv_generic_if(ntop_t)
corenet_raw_sendrecv_generic_if(ntop_t)
corenet_tcp_sendrecv_generic_node(ntop_t)
corenet_udp_sendrecv_generic_node(ntop_t)
corenet_raw_sendrecv_generic_node(ntop_t)
corenet_tcp_sendrecv_all_ports(ntop_t)
corenet_udp_sendrecv_all_ports(ntop_t)
corenet_tcp_bind_ntop_port(ntop_t)
corenet_tcp_connect_ntop_port(ntop_t)
corenet_tcp_connect_http_port(ntop_t)
corenet_sendrecv_http_client_packets(ntop_t)
corenet_sendrecv_ntop_client_packets(ntop_t)
corenet_sendrecv_ntop_server_packets(ntop_t)
dev_read_sysfs(ntop_t)
dev_rw_generic_usb_dev(ntop_t)
domain_use_interactive_fds(ntop_t)
files_read_etc_files(ntop_t)
files_read_usr_files(ntop_t)
fs_getattr_all_fs(ntop_t)
fs_search_auto_mountpoints(ntop_t)
auth_use_nsswitch(ntop_t)
logging_send_syslog_msg(ntop_t)
miscfiles_read_localization(ntop_t)
miscfiles_read_fonts(ntop_t)
userdom_dontaudit_use_unpriv_user_fds(ntop_t)
userdom_dontaudit_search_user_home_dirs(ntop_t)
optional_policy(`
apache_read_sys_content(ntop_t)
')
optional_policy(`
seutil_sigchld_newrole(ntop_t)
')
optional_policy(`
udev_read_db(ntop_t)
')