selinux-policy/policy/modules/services/pxe.te
2007-04-17 13:28:09 +00:00

74 lines
1.4 KiB
Plaintext

policy_module(pxe,1.1.0)
# cjp: policy seems incomplete
########################################
#
# Declarations
#
type pxe_t;
type pxe_exec_t;
init_daemon_domain(pxe_t,pxe_exec_t)
type pxe_log_t;
logging_log_file(pxe_log_t)
type pxe_var_run_t;
files_pid_file(pxe_var_run_t)
########################################
#
# Local policy
#
allow pxe_t self:capability { chown setgid setuid };
dontaudit pxe_t self:capability sys_tty_config;
allow pxe_t self:process signal_perms;
allow pxe_t pxe_log_t:file manage_file_perms;
logging_log_filetrans(pxe_t,pxe_log_t,file)
manage_files_pattern(pxe_t,pxe_var_run_t,pxe_var_run_t)
files_pid_filetrans(pxe_t,pxe_var_run_t,file)
kernel_read_kernel_sysctls(pxe_t)
kernel_list_proc(pxe_t)
kernel_read_proc_symlinks(pxe_t)
corenet_udp_bind_pxe_port(pxe_t)
dev_read_sysfs(pxe_t)
domain_use_interactive_fds(pxe_t)
files_read_etc_files(pxe_t)
fs_getattr_all_fs(pxe_t)
fs_search_auto_mountpoints(pxe_t)
libs_use_ld_so(pxe_t)
libs_use_shared_libs(pxe_t)
logging_send_syslog_msg(pxe_t)
miscfiles_read_localization(pxe_t)
userdom_dontaudit_use_unpriv_user_fds(pxe_t)
userdom_dontaudit_search_sysadm_home_dirs(pxe_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(pxe_t)
term_dontaudit_use_generic_ptys(pxe_t)
files_dontaudit_read_root_files(pxe_t)
')
optional_policy(`
seutil_sigchld_newrole(pxe_t)
')
optional_policy(`
udev_read_db(pxe_t)
')