18f2a72d7f
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
60 lines
1.5 KiB
Plaintext
60 lines
1.5 KiB
Plaintext
policy_module(qpidd, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type qpidd_t;
|
|
type qpidd_exec_t;
|
|
init_daemon_domain(qpidd_t, qpidd_exec_t)
|
|
|
|
type qpidd_initrc_exec_t;
|
|
init_script_file(qpidd_initrc_exec_t)
|
|
|
|
type qpidd_var_run_t;
|
|
files_pid_file(qpidd_var_run_t)
|
|
|
|
type qpidd_var_lib_t;
|
|
files_type(qpidd_var_lib_t)
|
|
|
|
########################################
|
|
#
|
|
# qpidd local policy
|
|
#
|
|
|
|
allow qpidd_t self:process { setsched signull };
|
|
allow qpidd_t self:fifo_file rw_fifo_file_perms;
|
|
allow qpidd_t self:sem create_sem_perms;
|
|
allow qpidd_t self:shm create_shm_perms;
|
|
allow qpidd_t self:tcp_socket create_stream_socket_perms;
|
|
allow qpidd_t self:unix_stream_socket create_stream_socket_perms;
|
|
|
|
manage_dirs_pattern(qpidd_t, qpidd_var_lib_t, qpidd_var_lib_t)
|
|
manage_files_pattern(qpidd_t, qpidd_var_lib_t, qpidd_var_lib_t)
|
|
files_var_lib_filetrans(qpidd_t, qpidd_var_lib_t, { file dir })
|
|
|
|
manage_dirs_pattern(qpidd_t, qpidd_var_run_t, qpidd_var_run_t)
|
|
manage_files_pattern(qpidd_t, qpidd_var_run_t, qpidd_var_run_t)
|
|
files_pid_filetrans(qpidd_t, qpidd_var_run_t, { file dir })
|
|
|
|
kernel_read_system_state(qpidd_t)
|
|
|
|
corenet_all_recvfrom_unlabeled(qpidd_t)
|
|
corenet_all_recvfrom_netlabel(qpidd_t)
|
|
corenet_tcp_bind_generic_node(qpidd_t)
|
|
corenet_tcp_sendrecv_generic_if(qpidd_t)
|
|
corenet_tcp_sendrecv_generic_node(qpidd_t)
|
|
corenet_tcp_sendrecv_all_ports(qpidd_t)
|
|
corenet_tcp_bind_amqp_port(qpidd_t)
|
|
|
|
dev_read_urand(qpidd_t)
|
|
|
|
files_read_etc_files(qpidd_t)
|
|
|
|
logging_send_syslog_msg(qpidd_t)
|
|
|
|
miscfiles_read_localization(qpidd_t)
|
|
|
|
sysnet_dns_name_resolve(qpidd_t)
|