# DESC selinux policy for djbdns
# http://cr.yp.to/djbdns.html
#
# Author: petre rodan <kaiowas@gentoo.org>
#
# This policy depends on the ucspi-tcp and daemontools policies: the whole
# file is wrapped in ifdef() on their .te files, so it is silently left out
# when either of them is not part of the policy build.
#

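ifdef(`daemontools.te', `
ifdef(`ucspi-tcp.te', `

# djbdns_daemon_domain(name)
#
# Declares a daemon domain djbdns_<name>_t for a djbdns service that is
# started directly by its daemontools run script (svc_run_t), plus a
# read-only data type djbdns_<name>_conf_t for its root directory.
# Used for dnscache and tinydns.  Only what both daemons need is granted
# here; anything specific to one instance is added next to that instance.
define(`djbdns_daemon_domain', `
type djbdns_$1_conf_t, file_type, sysadmfile;
daemon_domain(djbdns_$1)

# daemontools: the run script executes the daemon binary, and the daemon
# talks to its supervisor and reads its service directory
domain_auto_trans(svc_run_t, djbdns_$1_exec_t, djbdns_$1_t)
svc_ipc_domain(djbdns_$1_t)
allow djbdns_$1_t svc_svc_t:dir r_dir_perms;

# serve DNS: listen on port 53 over udp and tcp
can_network(djbdns_$1_t)
allow djbdns_$1_t dns_port_t:{ udp_socket tcp_socket } name_bind;

# read-only access to the data under the root directory
r_dir_file(djbdns_$1_t, djbdns_$1_conf_t)

# the daemons start as root, chroot into their root directory, bind the
# privileged port and then drop to the uid/gid handed over by envuidgid
allow djbdns_$1_t self:capability { net_bind_service setgid setuid sys_chroot };
')

# djbdns_tcpserver_domain(name)
#
# Declares a domain djbdns_<name>_t for a djbdns program that is spawned
# per connection by tcpserver (utcpserver_t) and receives the accepted
# connection on stdin/stdout.  Used for axfrdns.
define(`djbdns_tcpserver_domain', `
type djbdns_$1_conf_t, file_type, sysadmfile;
daemon_domain(djbdns_$1)

domain_auto_trans(utcpserver_t, djbdns_$1_exec_t, djbdns_$1_t)
svc_ipc_domain(djbdns_$1_t)

# tcpserver does the listening on port 53 for us.  tcpserver is tcp only,
# so no udp bind is granted.  Note that this rule is attached to
# utcpserver_t itself and therefore applies to every tcpserver instance on
# the host, not only to the one in front of this service.
allow utcpserver_t dns_port_t:tcp_socket name_bind;

# the accepted connection is inherited from tcpserver as stdin/stdout
allow djbdns_$1_t utcpserver_t:tcp_socket { read write };

# read-only access to the data under the root directory
r_dir_file(djbdns_$1_t, djbdns_$1_conf_t)

# NOTE(review): no capabilities are granted to this domain.  axfrdns itself
# chroots into its root directory and drops to the uid/gid given by
# envuidgid; if AVC denials for sys_chroot/setuid/setgid show up, grant them
# here as in djbdns_daemon_domain instead of widening anything else.
')

djbdns_daemon_domain(dnscache)
# resolver: outgoing queries are sent from random unprivileged udp source
# ports, so dnscache may bind generic ports (tinydns does not need this)
allow djbdns_dnscache_t port_t:udp_socket name_bind;
# truncated answers are retried over tcp to the upstream server on port 53;
# restrict outbound connects to dns_port_t instead of every port_type
allow djbdns_dnscache_t dns_port_t:tcp_socket name_connect;
# read the seed file, which the run script hands over from the service
# directory on stdin
allow djbdns_dnscache_t svc_svc_t:file r_file_perms;

djbdns_daemon_domain(tinydns)

djbdns_tcpserver_domain(axfrdns)
# axfrdns serves the zone data built for tinydns, so it reads the tinydns
# data type.  The earlier rule targeted djbdns_tinydns_t, which is the
# tinydns process domain and not a file type, so it never matched the data.
r_dir_file(djbdns_axfrdns_t, djbdns_tinydns_conf_t)

') dnl ifdef ucspi-tcp.te
') dnl ifdef daemontools.te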