selinux-policy/strict/domains/program/tmpreaper.te
2005-09-16 21:20:37 +00:00


#DESC Tmpreaper - Monitor and maintain temporary files
#
# Author: Russell Coker <russell@coker.com.au>
# X-Debian-Packages: tmpreaper
#
#################################
#
# Rules for the tmpreaper_t domain.
#
# Declare the process domain for tmpreaper. The privlog attribute is
# presumably what lets the domain talk to syslogd - confirm against the
# attribute definitions of this policy tree.
type tmpreaper_t, domain, privlog;
# Label for the tmpreaper executable; sysadmfile marks it as a file the
# administrator domains may manage (as defined elsewhere in the policy).
type tmpreaper_exec_t, file_type, sysadmfile, exec_type;
# The domain runs under the system role only; no user role is authorized here.
role system_r types tmpreaper_t;
# Entry point: the domain is entered from the system cron daemon when it
# executes a tmpreaper_exec_t file. No other transition into tmpreaper_t is
# defined in this file.
system_crond_entry(tmpreaper_exec_t, tmpreaper_t)
uses_shlib(tmpreaper_t)
# why does it need setattr?
# NOTE(review): possibly used to restore directory timestamps after a scan -
# confirm against the tmpreaper source before keeping or dropping setattr.
# Directory access is limited to man_t and types carrying the tmpfile
# attribute: list/modify entries (rw_dir_perms) and remove empty directories.
allow tmpreaper_t { man_t tmpfile }:dir { setattr rw_dir_perms rmdir };
# Stat and unlink non-device objects in those trees. notdevfile_class_set
# leaves device nodes out, so the reaper cannot unlink chr/blk files here.
allow tmpreaper_t { man_t tmpfile }:notdevfile_class_set { getattr unlink };
# NOTE(review): broad grant - any non-device object labelled with a home_type
# type or the default file_t may be unlinked. Directory write access above is
# only given for man_t/tmpfile directories, so this presumably targets files
# that landed in temporary directories while keeping their original label.
# Worth re-checking whenever directory permissions for this domain widen.
allow tmpreaper_t { home_type file_t }:notdevfile_class_set { getattr unlink };
allow tmpreaper_t self:process { fork sigchld };
# These capabilities bypass ordinary Unix permission and ownership checks, so
# the type enforcement rules in this file are the effective limit on what the
# reaper can delete. Keep the allowed target types as narrow as possible.
allow tmpreaper_t self:capability { dac_override dac_read_search fowner };
# Query filesystem statistics (statfs) on fs_t filesystems.
allow tmpreaper_t fs_t:filesystem getattr;
# Read-only access to etc_t files and directories (configuration).
r_dir_file(tmpreaper_t, etc_t)
# Traverse var_t directories without listing or modifying them.
allow tmpreaper_t var_t:dir { getattr search };
r_dir_file(tmpreaper_t, var_lib_t)
# Traverse device_t directories only as far as needed to reach the urandom
# node; read-only access to that device, no other device types are granted.
allow tmpreaper_t device_t:dir { getattr search };
allow tmpreaper_t urandom_device_t:chr_file { getattr read };
read_locale(tmpreaper_t)