7d1f5642b0
Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible.
99 lines
2.5 KiB
Plaintext
99 lines
2.5 KiB
Plaintext
policy_module(telnet, 1.10.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type telnetd_t;
|
|
type telnetd_exec_t;
|
|
inetd_service_domain(telnetd_t, telnetd_exec_t)
|
|
|
|
type telnetd_devpts_t; #, userpty_type;
|
|
term_login_pty(telnetd_devpts_t)
|
|
|
|
type telnetd_tmp_t;
|
|
files_tmp_file(telnetd_tmp_t)
|
|
|
|
type telnetd_var_run_t;
|
|
files_pid_file(telnetd_var_run_t)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
allow telnetd_t self:capability { fsetid chown fowner setuid setgid sys_tty_config dac_override };
|
|
allow telnetd_t self:process signal_perms;
|
|
allow telnetd_t self:fifo_file rw_fifo_file_perms;
|
|
allow telnetd_t self:tcp_socket connected_stream_socket_perms;
|
|
allow telnetd_t self:udp_socket create_socket_perms;
|
|
# for identd; cjp: this should probably only be inetd_child rules?
|
|
allow telnetd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
|
|
|
|
allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
|
|
term_create_pty(telnetd_t, telnetd_devpts_t)
|
|
|
|
manage_dirs_pattern(telnetd_t, telnetd_tmp_t, telnetd_tmp_t)
|
|
manage_files_pattern(telnetd_t, telnetd_tmp_t, telnetd_tmp_t)
|
|
|
|
manage_files_pattern(telnetd_t, telnetd_var_run_t, telnetd_var_run_t)
|
|
files_pid_filetrans(telnetd_t, telnetd_var_run_t, file)
|
|
|
|
kernel_read_kernel_sysctls(telnetd_t)
|
|
kernel_read_system_state(telnetd_t)
|
|
kernel_read_network_state(telnetd_t)
|
|
|
|
corenet_all_recvfrom_unlabeled(telnetd_t)
|
|
corenet_all_recvfrom_netlabel(telnetd_t)
|
|
corenet_tcp_sendrecv_generic_if(telnetd_t)
|
|
corenet_udp_sendrecv_generic_if(telnetd_t)
|
|
corenet_tcp_sendrecv_generic_node(telnetd_t)
|
|
corenet_udp_sendrecv_generic_node(telnetd_t)
|
|
corenet_tcp_sendrecv_all_ports(telnetd_t)
|
|
corenet_udp_sendrecv_all_ports(telnetd_t)
|
|
|
|
dev_read_urand(telnetd_t)
|
|
|
|
domain_interactive_fd(telnetd_t)
|
|
|
|
fs_getattr_xattr_fs(telnetd_t)
|
|
|
|
auth_rw_login_records(telnetd_t)
|
|
auth_use_nsswitch(telnetd_t)
|
|
|
|
corecmd_search_bin(telnetd_t)
|
|
|
|
files_read_usr_files(telnetd_t)
|
|
files_read_etc_files(telnetd_t)
|
|
files_read_etc_runtime_files(telnetd_t)
|
|
|
|
init_rw_utmp(telnetd_t)
|
|
|
|
logging_send_syslog_msg(telnetd_t)
|
|
|
|
miscfiles_read_localization(telnetd_t)
|
|
|
|
seutil_read_config(telnetd_t)
|
|
|
|
remotelogin_domtrans(telnetd_t)
|
|
|
|
userdom_search_user_home_dirs(telnetd_t)
|
|
userdom_setattr_user_ptys(telnetd_t)
|
|
userdom_manage_user_tmp_files(telnetd_t)
|
|
userdom_tmp_filetrans_user_tmp(telnetd_t, file)
|
|
|
|
tunable_policy(`use_nfs_home_dirs',`
|
|
fs_search_nfs(telnetd_t)
|
|
')
|
|
|
|
tunable_policy(`use_samba_home_dirs',`
|
|
fs_search_cifs(telnetd_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
kerberos_keytab_template(telnetd, telnetd_t)
|
|
kerberos_manage_host_rcache(telnetd_t)
|
|
')
|
|
|