selinux-policy/policy/modules/services/denyhosts.te
2010-08-26 09:41:21 -04:00

82 lines
2.4 KiB
Plaintext

policy_module(denyhosts, 1.0.0)
########################################
#
# DenyHosts personal declarations.
#
type denyhosts_t;
type denyhosts_exec_t;
init_daemon_domain(denyhosts_t, denyhosts_exec_t)
type denyhosts_initrc_exec_t;
init_script_file(denyhosts_initrc_exec_t)
type denyhosts_var_lib_t;
files_type(denyhosts_var_lib_t)
type denyhosts_var_lock_t;
files_lock_file(denyhosts_var_lock_t)
type denyhosts_var_log_t;
logging_log_file(denyhosts_var_log_t)
########################################
#
# DenyHosts personal policy.
#
# Bug #588563
allow denyhosts_t self:capability sys_tty_config;
allow denyhosts_t self:netlink_route_socket create_netlink_socket_perms;
allow denyhosts_t self:tcp_socket create_socket_perms;
allow denyhosts_t self:udp_socket create_socket_perms;
manage_files_pattern(denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lib_t)
files_var_lib_filetrans(denyhosts_t, denyhosts_var_lib_t, file)
manage_dirs_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
manage_files_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
files_lock_filetrans(denyhosts_t, denyhosts_var_lock_t, { dir file })
append_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
create_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
read_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
setattr_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
logging_log_filetrans(denyhosts_t, denyhosts_var_log_t, file)
kernel_read_system_state(denyhosts_t)
corecmd_exec_bin(denyhosts_t)
corenet_all_recvfrom_unlabeled(denyhosts_t)
corenet_all_recvfrom_netlabel(denyhosts_t)
corenet_tcp_sendrecv_generic_if(denyhosts_t)
corenet_tcp_sendrecv_generic_node(denyhosts_t)
corenet_tcp_bind_generic_node(denyhosts_t)
corenet_tcp_connect_smtp_port(denyhosts_t)
corenet_tcp_connect_sype_port(denyhosts_t)
corenet_sendrecv_smtp_client_packets(denyhosts_t)
dev_read_urand(denyhosts_t)
files_read_etc_files(denyhosts_t)
files_read_usr_files(denyhosts_t)
# /var/log/secure
logging_read_generic_logs(denyhosts_t)
logging_send_syslog_msg(denyhosts_t)
miscfiles_read_localization(denyhosts_t)
sysnet_dns_name_resolve(denyhosts_t)
sysnet_manage_config(denyhosts_t)
sysnet_etc_filetrans_config(denyhosts_t)
optional_policy(`
cron_system_entry(denyhosts_t, denyhosts_exec_t)
')
optional_policy(`
gnome_dontaudit_search_config(denyhosts_t)
')