45 lines
1.5 KiB
Plaintext
45 lines
1.5 KiB
Plaintext
#DESC ddclient - Update dynamic IP address at DynDNS.org
|
|
#
|
|
# Author: Greg Norris <haphazard@kc.rr.com>
|
|
# X-Debian-Packages: ddclient
|
|
#
|
|
|
|
#################################
|
|
#
|
|
# Rules for the ddclient_t domain.
|
|
#
|
|
daemon_domain(ddclient);
|
|
type ddclient_etc_t, file_type, sysadmfile;
|
|
type ddclient_var_t, file_type, sysadmfile;
|
|
log_domain(ddclient)
|
|
var_lib_domain(ddclient)
|
|
|
|
base_file_read_access(ddclient_t)
|
|
can_exec(ddclient_t, { shell_exec_t bin_t })
|
|
|
|
# ddclient can be launched by pppd
|
|
ifdef(`pppd.te',`domain_auto_trans(pppd_t, ddclient_exec_t, ddclient_t)')
|
|
|
|
# misc. requirements
|
|
allow ddclient_t self:fifo_file rw_file_perms;
|
|
allow ddclient_t self:socket create_socket_perms;
|
|
allow ddclient_t etc_t:file { getattr read };
|
|
allow ddclient_t etc_runtime_t:file r_file_perms;
|
|
allow ddclient_t ifconfig_exec_t:file { rx_file_perms execute_no_trans };
|
|
allow ddclient_t urandom_device_t:chr_file read;
|
|
general_proc_read_access(ddclient_t)
|
|
allow ddclient_t sysctl_net_t:dir search;
|
|
|
|
# network-related goodies
|
|
can_network_client(ddclient_t)
|
|
allow ddclient_t port_type:tcp_socket name_connect;
|
|
allow ddclient_t self:unix_dgram_socket create_socket_perms;
|
|
allow ddclient_t self:unix_stream_socket create_socket_perms;
|
|
|
|
# allow access to ddclient.conf and ddclient.cache
|
|
allow ddclient_t ddclient_etc_t:file r_file_perms;
|
|
file_type_auto_trans(ddclient_t, var_t, ddclient_var_t)
|
|
dontaudit ddclient_t devpts_t:dir search;
|
|
dontaudit ddclient_t { devtty_t admin_tty_type user_tty_type }:chr_file rw_file_perms;
|
|
dontaudit httpd_t selinux_config_t:dir search;
|