fee48647ac
67effb0483be01c6c63f6b0d8d595b082e4b8097d6689d9545afc3d3f3c5e77a59e50ccf8723317759c7dc1db54e9bf16d4f95198bf40792622c63bc20842cdc7cc4d792d448
54 lines
1.1 KiB
Plaintext
54 lines
1.1 KiB
Plaintext
policy_module(certwatch, 1.5.2)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type certwatch_t;
|
|
type certwatch_exec_t;
|
|
application_domain(certwatch_t, certwatch_exec_t)
|
|
role system_r types certwatch_t;
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
allow certwatch_t self:capability sys_nice;
|
|
allow certwatch_t self:process { setsched getsched };
|
|
|
|
dev_read_urand(certwatch_t)
|
|
|
|
files_read_etc_files(certwatch_t)
|
|
files_read_usr_files(certwatch_t)
|
|
files_read_usr_symlinks(certwatch_t)
|
|
files_list_tmp(certwatch_t)
|
|
|
|
fs_list_inotifyfs(certwatch_t)
|
|
|
|
auth_manage_cache(certwatch_t)
|
|
auth_var_filetrans_cache(certwatch_t)
|
|
|
|
logging_send_syslog_msg(certwatch_t)
|
|
|
|
miscfiles_read_generic_certs(certwatch_t)
|
|
miscfiles_read_localization(certwatch_t)
|
|
|
|
userdom_use_user_terminals(certwatch_t)
|
|
userdom_dontaudit_list_user_home_dirs(certwatch_t)
|
|
|
|
optional_policy(`
|
|
apache_exec_modules(certwatch_t)
|
|
apache_read_config(certwatch_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
cron_system_entry(certwatch_t, certwatch_exec_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
pcscd_domtrans(certwatch_t)
|
|
pcscd_stream_connect(certwatch_t)
|
|
pcscd_read_pub_files(certwatch_t)
|
|
')
|