selinux-policy/refpolicy/policy/modules/apps/slocate.te
2006-01-16 14:58:58 +00:00

47 lines
1.0 KiB
Plaintext

policy_module(slocate,1.0.0)
#################################
#
# Declarations
#
type locate_t;
type locate_exec_t;
init_system_domain(locate_t,locate_exec_t)
type locate_log_t;
logging_log_file(locate_log_t)
type locate_var_lib_t;
files_type(locate_var_lib_t)
########################################
#
# Local policy
#
allow locate_t self:capability { chown dac_read_search dac_override fowner fsetid };
allow locate_t self:process { execmem execheap execstack };
allow locate_t self:fifo_file rw_file_perms;
allow locate_t self:unix_stream_socket create_socket_perms;
allow locate_t locate_var_lib_t:dir create_dir_perms;
allow locate_t locate_var_lib_t:file create_file_perms;
kernel_read_system_state(locate_t)
kernel_dontaudit_search_sysctl(locate_t)
corecmd_exec_bin(locate_t)
files_list_all(locate_t)
files_getattr_all_files(locate_t)
files_read_etc_runtime_files(locate_t)
files_read_etc_files(locate_t)
fs_getattr_xattr_fs(locate_t)
optional_policy(`cron',`
cron_system_entry(locate_t, locate_exec_t)
')