selinux-policy/policy/modules/services/vnstatd.te

policy_module(vnstatd, 1.0.0)

########################################
#
# Declarations
#

type vnstatd_t;
type vnstatd_exec_t;
init_daemon_domain(vnstatd_t, vnstatd_exec_t)

permissive vnstatd_t;

type vnstatd_var_lib_t;
files_type(vnstatd_var_lib_t)

type vnstat_t;
type vnstat_exec_t;
application_domain(vnstat_t, vnstat_exec_t)
cron_system_entry(vnstat_t, vnstat_exec_t)

########################################
#
# vnstatd local policy
#
allow vnstatd_t self:process { fork signal };
allow vnstatd_t self:fifo_file rw_fifo_file_perms;
allow vnstatd_t self:unix_stream_socket create_stream_socket_perms;

manage_dirs_pattern(vnstatd_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
manage_files_pattern(vnstatd_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
files_var_lib_filetrans(vnstatd_t, vnstatd_var_lib_t, { dir file })

domain_use_interactive_fds(vnstatd_t)

files_read_etc_files(vnstatd_t)

logging_send_syslog_msg(vnstatd_t)

miscfiles_read_localization(vnstatd_t)

########################################
#
# vnstat local policy
#
allow vnstat_t self:process signal;
allow vnstat_t self:fifo_file rw_fifo_file_perms;
allow vnstat_t self:unix_stream_socket create_stream_socket_perms;

manage_dirs_pattern(vnstat_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
manage_files_pattern(vnstat_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
files_var_lib_filetrans(vnstat_t, vnstatd_var_lib_t, { dir file })

kernel_read_network_state(vnstat_t)
kernel_read_system_state(vnstat_t)

domain_use_interactive_fds(vnstat_t)

files_read_etc_files(vnstat_t)

fs_getattr_xattr_fs(vnstat_t)

logging_send_syslog_msg(vnstat_t)

miscfiles_read_localization(vnstat_t)