38 lines
1.6 KiB
Plaintext
38 lines
1.6 KiB
Plaintext
#DESC pegasus - The Open Group Pegasus CIM/WBEM Server
|
|
#
|
|
# Author: Jason Vas Dias <jvdias@redhat.com>
|
|
# Package: tog-pegasus
|
|
#
|
|
#################################
|
|
#
|
|
# Rules for the pegasus domain
|
|
#
|
|
daemon_domain(pegasus, `, nscd_client_domain, auth')
|
|
type pegasus_data_t, file_type, sysadmfile;
|
|
type pegasus_conf_t, file_type, sysadmfile;
|
|
type pegasus_mof_t, file_type, sysadmfile;
|
|
type pegasus_conf_exec_t, file_type, exec_type, sysadmfile;
|
|
allow pegasus_t self:capability { dac_override net_bind_service audit_write };
|
|
can_network_tcp(pegasus_t);
|
|
nsswitch_domain(pegasus_t);
|
|
allow pegasus_t pegasus_var_run_t:sock_file { create setattr };
|
|
allow pegasus_t self:unix_dgram_socket create_socket_perms;
|
|
allow pegasus_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow pegasus_t self:file { read getattr };
|
|
allow pegasus_t self:fifo_file rw_file_perms;
|
|
allow pegasus_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
|
|
allow pegasus_t { pegasus_http_port_t pegasus_https_port_t }:tcp_socket { name_bind name_connect };
|
|
allow pegasus_t proc_t:file { getattr read };
|
|
allow pegasus_t sysctl_vm_t:dir search;
|
|
allow pegasus_t initrc_var_run_t:file { read write lock };
|
|
allow pegasus_t urandom_device_t:chr_file { getattr read };
|
|
r_dir_file(pegasus_t, etc_t)
|
|
r_dir_file(pegasus_t, var_lib_t)
|
|
r_dir_file(pegasus_t, pegasus_mof_t)
|
|
rw_dir_create_file(pegasus_t, pegasus_conf_t)
|
|
rw_dir_create_file(pegasus_t, pegasus_data_t)
|
|
rw_dir_create_file(pegasus_conf_exec_t, pegasus_conf_t)
|
|
allow pegasus_t shadow_t:file { getattr read };
|
|
dontaudit pegasus_t selinux_config_t:dir search;
|
|
|