rpms / selinux-policy

Clone
Source Code
GIT

Blame mls/domains/program/timidity.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   7e0fa55f06a210c3ff6e09ae70dbfc30bfffc2b0
  2.   mls
  3.   domains
  4.   program
  5.   timidity.te
Blob History Raw
Chris PeBenito 31b7c0 
# DESC timidity - MIDI to WAV converter and player
Chris PeBenito 31b7c0 
#
Chris PeBenito 31b7c0 
# Author: Thomas Bleher <ThomasBleher@gmx.de>
Chris PeBenito 31b7c0 
#
Chris PeBenito 31b7c0 
# Note: You only need this policy if you want to run timidity as a server
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
daemon_base_domain(timidity)
Chris PeBenito 31b7c0 
can_network_server(timidity_t)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
allow timidity_t device_t:lnk_file read;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
# read /usr/share/alsa/alsa.conf
Chris PeBenito 31b7c0 
allow timidity_t usr_t:file { getattr read };
Chris PeBenito 31b7c0 
# read /etc/esd.conf and /proc/cpuinfo
Chris PeBenito 31b7c0 
allow timidity_t { etc_t proc_t }:file { getattr read };
Chris PeBenito 31b7c0 
# read libartscbackend.la - should these be shlib_t?
Chris PeBenito 31b7c0 
allow timidity_t lib_t:file { getattr read };
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
allow timidity_t sound_device_t:chr_file { read write ioctl };
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
# stupid timidity won't start if it can't search its current directory.
Chris PeBenito 31b7c0 
# allow this so /etc/init.d/alsasound start works from /root
Chris PeBenito 31b7c0 
allow timidity_t sysadm_home_dir_t:dir search;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
allow timidity_t tmp_t:dir search;
Chris PeBenito 31b7c0 
tmpfs_domain(timidity)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
allow timidity_t self:shm create_shm_perms;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
allow timidity_t self:unix_stream_socket create_stream_socket_perms;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
allow timidity_t devpts_t:dir search;
Chris PeBenito 31b7c0 
allow timidity_t self:capability { dac_override dac_read_search };
Chris PeBenito 31b7c0 
allow timidity_t self:process getsched;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation