68ac47d8c5
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
82 lines
2.4 KiB
Plaintext
82 lines
2.4 KiB
Plaintext
policy_module(denyhosts, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# DenyHosts personal declarations.
|
|
#
|
|
|
|
type denyhosts_t;
|
|
type denyhosts_exec_t;
|
|
init_daemon_domain(denyhosts_t, denyhosts_exec_t)
|
|
|
|
type denyhosts_initrc_exec_t;
|
|
init_script_file(denyhosts_initrc_exec_t)
|
|
|
|
type denyhosts_var_lib_t;
|
|
files_type(denyhosts_var_lib_t)
|
|
|
|
type denyhosts_var_lock_t;
|
|
files_lock_file(denyhosts_var_lock_t)
|
|
|
|
type denyhosts_var_log_t;
|
|
logging_log_file(denyhosts_var_log_t)
|
|
|
|
########################################
|
|
#
|
|
# DenyHosts personal policy.
|
|
#
|
|
# Bug #588563
|
|
allow denyhosts_t self:capability sys_tty_config;
|
|
allow denyhosts_t self:netlink_route_socket create_netlink_socket_perms;
|
|
allow denyhosts_t self:tcp_socket create_socket_perms;
|
|
allow denyhosts_t self:udp_socket create_socket_perms;
|
|
|
|
manage_files_pattern(denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lib_t)
|
|
files_var_lib_filetrans(denyhosts_t, denyhosts_var_lib_t, file)
|
|
|
|
manage_dirs_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
|
|
manage_files_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
|
|
files_lock_filetrans(denyhosts_t, denyhosts_var_lock_t, { dir file })
|
|
|
|
append_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
|
|
create_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
|
|
read_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
|
|
setattr_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
|
|
logging_log_filetrans(denyhosts_t, denyhosts_var_log_t, file)
|
|
|
|
kernel_read_system_state(denyhosts_t)
|
|
|
|
corecmd_exec_bin(denyhosts_t)
|
|
|
|
corenet_all_recvfrom_unlabeled(denyhosts_t)
|
|
corenet_all_recvfrom_netlabel(denyhosts_t)
|
|
corenet_tcp_sendrecv_generic_if(denyhosts_t)
|
|
corenet_tcp_sendrecv_generic_node(denyhosts_t)
|
|
corenet_tcp_bind_generic_node(denyhosts_t)
|
|
corenet_tcp_connect_smtp_port(denyhosts_t)
|
|
corenet_tcp_connect_sype_port(denyhosts_t)
|
|
corenet_sendrecv_smtp_client_packets(denyhosts_t)
|
|
|
|
dev_read_urand(denyhosts_t)
|
|
|
|
files_read_etc_files(denyhosts_t)
|
|
files_read_usr_files(denyhosts_t)
|
|
|
|
# /var/log/secure
|
|
logging_read_generic_logs(denyhosts_t)
|
|
logging_send_syslog_msg(denyhosts_t)
|
|
|
|
miscfiles_read_localization(denyhosts_t)
|
|
|
|
sysnet_dns_name_resolve(denyhosts_t)
|
|
sysnet_manage_config(denyhosts_t)
|
|
sysnet_etc_filetrans_config(denyhosts_t)
|
|
|
|
optional_policy(`
|
|
cron_system_entry(denyhosts_t, denyhosts_exec_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
gnome_dontaudit_search_config(denyhosts_t)
|
|
')
|