selinux-policy/policy/modules/services/vhostmd.te
Dominick Grift 7d1f5642b0 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-24 12:44:39 +02:00

80 lines
1.8 KiB
Plaintext

policy_module(vhostmd, 1.0.0)
########################################
#
# Declarations
#
type vhostmd_t;
type vhostmd_exec_t;
init_daemon_domain(vhostmd_t, vhostmd_exec_t)
type vhostmd_initrc_exec_t;
init_script_file(vhostmd_initrc_exec_t)
type vhostmd_tmpfs_t;
files_tmpfs_file(vhostmd_tmpfs_t)
type vhostmd_var_run_t;
files_pid_file(vhostmd_var_run_t)
########################################
#
# vhostmd local policy
#
allow vhostmd_t self:capability { dac_override ipc_lock setuid setgid };
allow vhostmd_t self:process { setsched getsched };
allow vhostmd_t self:fifo_file rw_fifo_file_perms;
manage_dirs_pattern(vhostmd_t, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
manage_files_pattern(vhostmd_t, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
fs_tmpfs_filetrans(vhostmd_t, vhostmd_tmpfs_t, { file dir })
manage_dirs_pattern(vhostmd_t, vhostmd_var_run_t, vhostmd_var_run_t)
manage_files_pattern(vhostmd_t, vhostmd_var_run_t, vhostmd_var_run_t)
files_pid_filetrans(vhostmd_t, vhostmd_var_run_t, { file dir })
kernel_read_system_state(vhostmd_t)
kernel_read_network_state(vhostmd_t)
kernel_write_xen_state(vhostmd_t)
corecmd_exec_bin(vhostmd_t)
corecmd_exec_shell(vhostmd_t)
corenet_tcp_connect_soundd_port(vhostmd_t)
# 579803
files_list_tmp(vhostmd_t)
files_read_etc_files(vhostmd_t)
files_read_usr_files(vhostmd_t)
dev_read_sysfs(vhostmd_t)
auth_use_nsswitch(vhostmd_t)
logging_send_syslog_msg(vhostmd_t)
miscfiles_read_localization(vhostmd_t)
optional_policy(`
hostname_exec(vhostmd_t)
')
optional_policy(`
rpm_exec(vhostmd_t)
rpm_read_db(vhostmd_t)
')
optional_policy(`
virt_stream_connect(vhostmd_t)
virt_write_content(vhostmd_t)
')
optional_policy(`
xen_domtrans_xm(vhostmd_t)
xen_stream_connect(vhostmd_t)
xen_stream_connect_xenstore(vhostmd_t)
xen_stream_connect_xm(vhostmd_t)
')