#DESC ddcprobe - output ddcprobe results from kudzu
#
# Author: dan walsh <dwalsh@redhat.com>
#
# Declare ddcprobe_t, the type the ddcprobe process runs as, with the
# attributes "domain" and "privmem". Both attributes are defined outside this
# file; privmem presumably marks domains allowed to touch raw memory devices
# (confirm against the base policy's assertions).
type ddcprobe_t, domain, privmem;
# Declare ddcprobe_exec_t, the type used as the entry point in the
# domain_auto_trans() call in this file, with the attributes file_type,
# exec_type and sysadmfile (all defined outside this file).
type ddcprobe_exec_t, file_type, exec_type, sysadmfile;
# Allow execution by the sysadm
# Authorise the sysadm_r role to be associated with the ddcprobe_t domain.
role sysadm_r types ddcprobe_t;
# Authorise the system_r role for ddcprobe_t as well. No transition from a
# system domain is defined in this file, so any such entry point would have
# to come from another policy module (NOTE(review): confirm this is needed).
role system_r types ddcprobe_t;
# Macro defined outside this file; by its arguments it sets up the automatic
# transition sysadm_t -> ddcprobe_t when a ddcprobe_exec_t file is executed.
# This is the only entry into ddcprobe_t that this file declares.
domain_auto_trans(sysadm_t, ddcprobe_exec_t, ddcprobe_t)
# Macro defined outside this file; presumably grants what a dynamically
# linked program needs to load shared libraries (confirm in the macro file).
uses_shlib(ddcprobe_t)
# Allow terminal access
# Macro defined outside this file; called for ddcprobe_t with the "sysadm"
# prefix, presumably so output can reach the administrator's terminal.
access_terminal(ddcprobe_t, sysadm)
# Allow ddcprobe to access /dev/mem (the rules in this group grant write and execute as well as read)
# Read access to character devices labelled memory_device_t.
allow ddcprobe_t memory_device_t:chr_file read;
# Write and execute on memory_device_t character devices, in addition to the
# read permission granted by the preceding rule.
# NOTE(review): write access to a raw memory device lets the process alter
# memory outside itself, so this domain confines very little once entered.
# Keep the entry points into ddcprobe_t minimal and re-check whether write
# is still required.
allow ddcprobe_t memory_device_t:chr_file { execute write };
# Let the process make its own memory mappings executable (execmem).
# NOTE(review): execmem weakens W^X-style memory protection for this domain;
# presumably needed for the probing technique ddcprobe uses (confirm).
allow ddcprobe_t self:process execmem;
# Read and execute on character devices labelled zero_device_t
# (presumably /dev/zero, mapped as executable memory; confirm the labelling).
allow ddcprobe_t zero_device_t:chr_file { execute read };
# Allow path lookup through directories labelled proc_t.
allow ddcprobe_t proc_t:dir search;
# Read-only access (stat and read) to files labelled proc_t.
allow ddcprobe_t proc_t:file { getattr read };
# Macro defined outside this file; presumably lets ddcprobe_t execute files
# labelled sbin_t while staying in its own domain (confirm in the macro file).
can_exec(ddcprobe_t, sbin_t)
# Read/write access (the rw_file_perms permission set, defined elsewhere) to
# terminals carrying the user_tty_type attribute.
allow ddcprobe_t user_tty_type:chr_file rw_file_perms;
# Allow use of file descriptors that belong to domains with the userdomain
# attribute, e.g. descriptors inherited from the invoking shell.
allow ddcprobe_t userdomain:fd use;
# Macro defined outside this file; by its name it grants read access to
# sysctl entries (confirm the exact types it covers).
read_sysctl(ddcprobe_t)
# Read-only access (stat and read) to devices labelled urandom_device_t.
allow ddcprobe_t urandom_device_t:chr_file { getattr read };
# Read-only directory access (the r_dir_perms permission set, defined
# elsewhere) to directories labelled bin_t or sbin_t.
allow ddcprobe_t { bin_t sbin_t }:dir r_dir_perms;
# Grant the sys_rawio and sys_admin capabilities to the process itself.
# NOTE(review): sys_admin covers a very wide range of privileged operations;
# this file does not show which one ddcprobe needs, so confirm it is still
# required before carrying the rule forward.
allow ddcprobe_t self:capability { sys_rawio sys_admin };
# Read-only access (stat and read) to files labelled etc_t or etc_runtime_t.
allow ddcprobe_t { etc_t etc_runtime_t }:file { getattr read };
# Stat-only access to files labelled kudzu_exec_t; neither read nor execute
# is granted by this rule.
allow ddcprobe_t kudzu_exec_t:file getattr;
# Read-only access (stat and read) to files labelled lib_t.
allow ddcprobe_t lib_t:file { getattr read };
# Macro defined outside this file; by its name it grants read access to
# locale data (confirm the exact types it covers).
read_locale(ddcprobe_t)
# Allow path lookup through directories labelled modules_object_t.
allow ddcprobe_t modules_object_t:dir search;
# Read-only access (stat and read) to files labelled modules_dep_t.
allow ddcprobe_t modules_dep_t:file { getattr read };
# Read-only access (stat and read) to files labelled usr_t.
allow ddcprobe_t usr_t:file { getattr read };
# Grant the syslog_console permission of the "system" class on kernel_t,
# which governs control of kernel message logging to the console.
# NOTE(review): this file does not show why a probe tool needs it; confirm.
allow ddcprobe_t kernel_t:system syslog_console;