selinux-policy/policy/modules/services/cmirrord.te

policy_module(cmirrord,1.0.0)

########################################
#
# Declarations
#

type cmirrord_t;
type cmirrord_exec_t;
init_daemon_domain(cmirrord_t, cmirrord_exec_t)

type cmirrord_initrc_exec_t;
init_script_file(cmirrord_initrc_exec_t)

type cmirrord_tmpfs_t;
files_tmpfs_file(cmirrord_tmpfs_t)

type cmirrord_var_run_t;
files_pid_file(cmirrord_var_run_t)

########################################
#
# cmirrord local policy
#

allow cmirrord_t self:capability { net_admin kill };
dontaudit cmirrord_t self:capability sys_tty_config;
allow cmirrord_t self:process signal;

allow cmirrord_t self:fifo_file rw_fifo_file_perms;

allow cmirrord_t self:sem create_sem_perms;
allow cmirrord_t self:shm create_shm_perms;
allow cmirrord_t self:netlink_socket create_socket_perms;
allow cmirrord_t self:unix_stream_socket create_stream_socket_perms;

manage_dirs_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
manage_files_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
fs_tmpfs_filetrans(cmirrord_t, cmirrord_tmpfs_t, { dir file })

manage_dirs_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
manage_files_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
files_pid_filetrans(cmirrord_t, cmirrord_var_run_t, { file })

domain_use_interactive_fds(cmirrord_t)

files_read_etc_files(cmirrord_t)

logging_send_syslog_msg(cmirrord_t)

miscfiles_read_localization(cmirrord_t)

optional_policy(`
        corosync_stream_connect(cmirrord_t)
')