66 lines
1.4 KiB
Plaintext
66 lines
1.4 KiB
Plaintext
|
|
policy_module(rdisc,1.3.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type rdisc_t;
|
|
type rdisc_exec_t;
|
|
init_daemon_domain(rdisc_t,rdisc_exec_t)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
allow rdisc_t self:capability net_raw;
|
|
dontaudit rdisc_t self:capability sys_tty_config;
|
|
allow rdisc_t self:process signal_perms;
|
|
allow rdisc_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow rdisc_t self:udp_socket create_socket_perms;
|
|
allow rdisc_t self:rawip_socket create_socket_perms;
|
|
|
|
kernel_list_proc(rdisc_t)
|
|
kernel_read_proc_symlinks(rdisc_t)
|
|
kernel_read_kernel_sysctls(rdisc_t)
|
|
|
|
corenet_non_ipsec_sendrecv(rdisc_t)
|
|
corenet_udp_sendrecv_generic_if(rdisc_t)
|
|
corenet_raw_sendrecv_generic_if(rdisc_t)
|
|
corenet_udp_sendrecv_all_nodes(rdisc_t)
|
|
corenet_raw_sendrecv_all_nodes(rdisc_t)
|
|
corenet_udp_sendrecv_all_ports(rdisc_t)
|
|
|
|
dev_read_sysfs(rdisc_t)
|
|
|
|
fs_search_auto_mountpoints(rdisc_t)
|
|
|
|
domain_use_interactive_fds(rdisc_t)
|
|
|
|
files_read_etc_files(rdisc_t)
|
|
|
|
libs_use_ld_so(rdisc_t)
|
|
libs_use_shared_libs(rdisc_t)
|
|
|
|
logging_send_syslog_msg(rdisc_t)
|
|
|
|
sysnet_read_config(rdisc_t)
|
|
|
|
userdom_dontaudit_use_unpriv_user_fds(rdisc_t)
|
|
|
|
ifdef(`targeted_policy',`
|
|
term_dontaudit_use_unallocated_ttys(rdisc_t)
|
|
term_dontaudit_use_generic_ptys(rdisc_t)
|
|
files_dontaudit_read_root_files(rdisc_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
seutil_sigchld_newrole(rdisc_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
udev_read_db(rdisc_t)
|
|
')
|