0f7c400223
Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible.
48 lines
1008 B
Plaintext
48 lines
1008 B
Plaintext
policy_module(pingd, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type pingd_t;
|
|
type pingd_exec_t;
|
|
init_daemon_domain(pingd_t, pingd_exec_t)
|
|
|
|
# type for config
|
|
type pingd_etc_t;
|
|
files_type(pingd_etc_t)
|
|
|
|
type pingd_initrc_exec_t;
|
|
init_script_file(pingd_initrc_exec_t)
|
|
|
|
# type for pingd modules
|
|
type pingd_modules_t;
|
|
files_type(pingd_modules_t)
|
|
|
|
########################################
|
|
#
|
|
# pingd local policy
|
|
#
|
|
|
|
allow pingd_t self:capability net_raw;
|
|
allow pingd_t self:tcp_socket create_stream_socket_perms;
|
|
allow pingd_t self:rawip_socket create_socket_perms;
|
|
|
|
read_files_pattern(pingd_t, pingd_etc_t, pingd_etc_t)
|
|
|
|
read_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
|
|
mmap_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
|
|
|
|
corenet_raw_bind_generic_node(pingd_t)
|
|
corenet_tcp_bind_generic_node(pingd_t)
|
|
corenet_tcp_bind_pingd_port(pingd_t)
|
|
|
|
auth_use_nsswitch(pingd_t)
|
|
|
|
files_search_usr(pingd_t)
|
|
|
|
logging_send_syslog_msg(pingd_t)
|
|
|
|
miscfiles_read_localization(pingd_t)
|