selinux-policy/policy/modules/services/denyhosts.te
Dominick Grift 68ac47d8c5 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-22 15:41:42 +02:00

82 lines
2.4 KiB
Plaintext

policy_module(denyhosts, 1.0.0)
########################################
#
# DenyHosts personal declarations.
#
type denyhosts_t;
type denyhosts_exec_t;
init_daemon_domain(denyhosts_t, denyhosts_exec_t)
type denyhosts_initrc_exec_t;
init_script_file(denyhosts_initrc_exec_t)
type denyhosts_var_lib_t;
files_type(denyhosts_var_lib_t)
type denyhosts_var_lock_t;
files_lock_file(denyhosts_var_lock_t)
type denyhosts_var_log_t;
logging_log_file(denyhosts_var_log_t)
########################################
#
# DenyHosts personal policy.
#
# Bug #588563
allow denyhosts_t self:capability sys_tty_config;
allow denyhosts_t self:netlink_route_socket create_netlink_socket_perms;
allow denyhosts_t self:tcp_socket create_socket_perms;
allow denyhosts_t self:udp_socket create_socket_perms;
manage_files_pattern(denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lib_t)
files_var_lib_filetrans(denyhosts_t, denyhosts_var_lib_t, file)
manage_dirs_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
manage_files_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
files_lock_filetrans(denyhosts_t, denyhosts_var_lock_t, { dir file })
append_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
create_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
read_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
setattr_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
logging_log_filetrans(denyhosts_t, denyhosts_var_log_t, file)
kernel_read_system_state(denyhosts_t)
corecmd_exec_bin(denyhosts_t)
corenet_all_recvfrom_unlabeled(denyhosts_t)
corenet_all_recvfrom_netlabel(denyhosts_t)
corenet_tcp_sendrecv_generic_if(denyhosts_t)
corenet_tcp_sendrecv_generic_node(denyhosts_t)
corenet_tcp_bind_generic_node(denyhosts_t)
corenet_tcp_connect_smtp_port(denyhosts_t)
corenet_tcp_connect_sype_port(denyhosts_t)
corenet_sendrecv_smtp_client_packets(denyhosts_t)
dev_read_urand(denyhosts_t)
files_read_etc_files(denyhosts_t)
files_read_usr_files(denyhosts_t)
# /var/log/secure
logging_read_generic_logs(denyhosts_t)
logging_send_syslog_msg(denyhosts_t)
miscfiles_read_localization(denyhosts_t)
sysnet_dns_name_resolve(denyhosts_t)
sysnet_manage_config(denyhosts_t)
sysnet_etc_filetrans_config(denyhosts_t)
optional_policy(`
cron_system_entry(denyhosts_t, denyhosts_exec_t)
')
optional_policy(`
gnome_dontaudit_search_config(denyhosts_t)
')