34 lines
1.2 KiB
Plaintext
34 lines
1.2 KiB
Plaintext
# i18n_input.te
|
|
# Security Policy for IIIMF htt server
|
|
# Date: 2004, 12th April (Monday)
|
|
|
|
# Establish i18n_input as a daemon
|
|
daemon_domain(i18n_input)
|
|
|
|
can_exec(i18n_input_t, i18n_input_exec_t)
|
|
can_network(i18n_input_t)
|
|
allow i18n_input_t port_type:tcp_socket name_connect;
|
|
can_ypbind(i18n_input_t)
|
|
|
|
can_tcp_connect(userdomain, i18n_input_t)
|
|
can_unix_connect(i18n_input_t, initrc_t)
|
|
|
|
allow i18n_input_t self:fifo_file rw_file_perms;
|
|
allow i18n_input_t i18n_input_port_t:tcp_socket name_bind;
|
|
|
|
allow i18n_input_t self:capability { kill setgid setuid };
|
|
allow i18n_input_t self:process { setsched setpgid };
|
|
|
|
allow i18n_input_t { bin_t sbin_t }:dir search;
|
|
can_exec(i18n_input_t, bin_t)
|
|
|
|
allow i18n_input_t etc_t:file r_file_perms;
|
|
allow i18n_input_t self:unix_dgram_socket create_socket_perms;
|
|
allow i18n_input_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow i18n_input_t i18n_input_var_run_t:dir create_dir_perms;
|
|
allow i18n_input_t i18n_input_var_run_t:sock_file create_file_perms;
|
|
allow i18n_input_t usr_t:file { getattr read };
|
|
allow i18n_input_t home_root_t:dir search;
|
|
allow i18n_input_t etc_runtime_t:file { getattr read };
|
|
allow i18n_input_t proc_t:file { getattr read };
|