selinux-policy/policy/modules/admin/readahead.te
2006-10-18 19:25:27 +00:00

86 lines
2.2 KiB
Plaintext

policy_module(readahead,1.3.0)
########################################
#
# Declarations
#
type readahead_t;
type readahead_exec_t;
init_daemon_domain(readahead_t,readahead_exec_t)
type readahead_var_run_t;
files_pid_file(readahead_var_run_t)
########################################
#
# Local policy
#
dontaudit readahead_t self:capability { dac_override dac_read_search sys_tty_config };
allow readahead_t self:process signal_perms;
allow readahead_t readahead_var_run_t:file create_file_perms;
allow readahead_t readahead_var_run_t:dir rw_dir_perms;
files_pid_filetrans(readahead_t,readahead_var_run_t,file)
kernel_read_kernel_sysctls(readahead_t)
kernel_read_system_state(readahead_t)
kernel_dontaudit_getattr_core_if(readahead_t)
dev_read_sysfs(readahead_t)
dev_getattr_generic_chr_files(readahead_t)
dev_getattr_generic_blk_files(readahead_t)
dev_getattr_all_chr_files(readahead_t)
dev_getattr_all_blk_files(readahead_t)
dev_dontaudit_read_all_blk_files(readahead_t)
dev_dontaudit_getattr_memory_dev(readahead_t)
dev_dontaudit_getattr_nvram_dev(readahead_t)
storage_dontaudit_getattr_fixed_disk_dev(readahead_t)
domain_use_interactive_fds(readahead_t)
files_dontaudit_getattr_all_sockets(readahead_t)
files_list_non_security(readahead_t)
files_read_non_security_files(readahead_t)
fs_getattr_all_fs(readahead_t)
fs_search_auto_mountpoints(readahead_t)
fs_getattr_all_pipes(readahead_t)
fs_getattr_all_files(readahead_t)
fs_dontaudit_search_ramfs(readahead_t)
fs_dontaudit_read_ramfs_pipes(readahead_t)
fs_dontaudit_read_ramfs_files(readahead_t)
fs_read_tmpfs_symlinks(readahead_t)
mls_file_read_up(readahead_t)
term_dontaudit_use_console(readahead_t)
auth_dontaudit_read_shadow(readahead_t)
init_use_fds(readahead_t)
init_use_script_ptys(readahead_t)
init_getattr_initctl(readahead_t)
libs_use_ld_so(readahead_t)
libs_use_shared_libs(readahead_t)
logging_send_syslog_msg(readahead_t)
miscfiles_read_localization(readahead_t)
userdom_dontaudit_use_unpriv_user_fds(readahead_t)
userdom_dontaudit_search_sysadm_home_dirs(readahead_t)
ifdef(`targeted_policy',`
files_dontaudit_read_root_files(readahead_t)
term_dontaudit_use_unallocated_ttys(readahead_t)
term_dontaudit_use_generic_ptys(readahead_t)
')
optional_policy(`
seutil_sigchld_newrole(readahead_t)
')