selinux-policy/policy/modules/admin/certwatch.te

53 lines
1.1 KiB
Plaintext

policy_module(certwatch, 1.5.0)
########################################
#
# Declarations
#
type certwatch_t;
type certwatch_exec_t;
application_domain(certwatch_t, certwatch_exec_t)
role system_r types certwatch_t;
########################################
#
# Local policy
#
allow certwatch_t self:capability sys_nice;
allow certwatch_t self:process { setsched getsched };
dev_read_urand(certwatch_t)
files_read_etc_files(certwatch_t)
files_read_usr_files(certwatch_t)
files_read_usr_symlinks(certwatch_t)
files_list_tmp(certwatch_t)
fs_list_inotifyfs(certwatch_t)
auth_manage_cache(certwatch_t)
auth_var_filetrans_cache(certwatch_t)
logging_send_syslog_msg(certwatch_t)
miscfiles_read_certs(certwatch_t)
miscfiles_read_localization(certwatch_t)
userdom_use_user_terminals(certwatch_t)
userdom_dontaudit_list_user_home_dirs(certwatch_t)
optional_policy(`
apache_exec_modules(certwatch_t)
apache_read_config(certwatch_t)
')
optional_policy(`
cron_system_entry(certwatch_t, certwatch_exec_t)
')
optional_policy(`
pcscd_stream_connect(certwatch_t)
pcscd_read_pub_files(certwatch_t)
')