#DESC Backup - Backup scripts
#
# Author: Russell Coker <russell@coker.com.au>
# X-Debian-Packages: dpkg
#
#################################
#
# Rules for the backup_t domain.
#
# Domain type for the backup scripts. It carries the domain, privlog and auth
# attributes; what each attribute grants is defined elsewhere in the policy.
# NOTE(review): auth presumably exempts this domain from the assertion that
# keeps password-hash files unreadable - confirm, because the file_type read
# rules in this file exclude no type at all.
type backup_t, domain, privlog, auth;
# Executable type that serves as the entry point into backup_t (it is the
# middle argument of domain_auto_trans and the first of system_crond_entry in
# this file). Any file given this label can start code in backup_t, so write
# and relabel access to it should stay tightly held.
type backup_exec_t, file_type, sysadmfile, exec_type;
# File type for the location the backups are written to. The store ends up
# holding copies of whatever backup_t can read, so every domain allowed to
# read backup_store_t indirectly gains that data.
type backup_store_t, file_type, sysadmfile;
# Authorise backup_t under system_r (presumably for the cron-started case).
role system_r types backup_t;
# Authorise backup_t under sysadm_r so an administrator session can enter it.
role sysadm_r types backup_t;
# Non-targeted builds only: the third ifdef argument is used when
# targeted_policy is not defined, so the transition it wraps is absent from
# targeted builds.
ifdef(`targeted_policy', `', `
# sysadm_t executing a backup_exec_t file moves into backup_t (macro defined
# elsewhere; presumably an automatic transition - confirm).
domain_auto_trans(sysadm_t, backup_exec_t, backup_t)
')
# Let backup_t use file descriptors owned by any domain carrying the privfd
# attribute (inherited stdin/stdout/stderr are the usual case).
allow backup_t privfd:fd use;
# The rules wrapped here are included only when crond.te is defined.
ifdef(`crond.te', `
# Presumably lets system cron jobs enter backup_t by running a backup_exec_t
# file (macro defined elsewhere - confirm).
system_crond_entry(backup_exec_t, backup_t)
# Grants system_crond_t itself, not only backup_t, access to backup_store_t
# (by the macro name: read/write the directory and create files).
# NOTE(review): this means cron jobs outside backup_t can also write into
# the backup store - confirm that is intended.
rw_dir_create_file(system_crond_t, backup_store_t)
')
# for SSP
# Read-only access to the urandom character device. The file marks this as
# being for SSP, presumably the stack-smashing protector seeding its canary.
allow backup_t urandom_device_t:chr_file read;
# Client-side networking for backup_t (macro defined elsewhere; the exact
# socket classes and permissions it grants are not visible here).
can_network_client(backup_t)
# Outbound TCP connect to every port type carrying the port_type attribute.
# NOTE(review): together with the read access to all file_type files in this
# file, a compromised backup_t process could read any file and send it to
# any TCP service. If the backup destination is known, restrict
# name_connect to that port type instead of the whole attribute.
allow backup_t port_type:tcp_socket name_connect;
# Presumably NIS/ypbind lookups for backup_t (macro defined elsewhere).
can_ypbind(backup_t)
# Presumably lets backup_t load shared libraries (macro defined elsewhere).
uses_shlib(backup_t)
# Read/write on character devices labelled devtty_t (presumably /dev/tty,
# the controlling terminal).
allow backup_t devtty_t:chr_file rw_file_perms;
# Directory read permissions (the r_dir_perms set) on every type carrying
# file_type or fs_type, i.e. the whole tree can be walked.
allow backup_t { file_type fs_type }:dir r_dir_perms;
# Read every regular file and symlink whose type has the file_type
# attribute; nothing is subtracted from the set.
# NOTE(review): this presumably covers password hashes, private keys and
# other secrets, which makes backup_t one of the most sensitive domains in
# the policy. If some types never need backing up, exclude them from the
# set, and audit which domains can enter backup_t.
allow backup_t file_type:{ file lnk_file } r_file_perms;
# Sockets and FIFOs on disk may only be stat-ed (getattr), never opened.
allow backup_t file_type:{ sock_file fifo_file } getattr;
# Character device nodes: getattr only, so their metadata can be recorded
# without granting access to the devices themselves.
allow backup_t { device_t device_type ttyfile }:chr_file getattr;
# Block device nodes: getattr only; raw disk contents stay unreadable.
allow backup_t { device_t device_type }:blk_file getattr;
# File creation permissions (the create_file_perms set) on files labelled
# var_t.
# NOTE(review): this is write access outside backup_store_t and the reason
# is not stated in the file - confirm which var_t files the scripts need to
# create and whether a dedicated type would do.
allow backup_t var_t:file create_file_perms;
# Directory read permissions on proc_t directories.
allow backup_t proc_t:dir r_dir_perms;
# Read proc_t files.
allow backup_t proc_t:file r_file_perms;
# Stat and resolve symlinks labelled proc_t.
allow backup_t proc_t:lnk_file { getattr read };
# Presumably read-only access to sysctl entries (macro defined elsewhere).
read_sysctl(backup_t)
# Pipes between processes that are themselves in backup_t.
allow backup_t self:fifo_file rw_file_perms;
# Fork children and exchange signal/sigchld with processes in the same
# domain; no permission over other domains is granted here.
allow backup_t self:process { signal sigchld fork };
# dac_override lets the process bypass ordinary Unix permission checks, so
# the type enforcement rules in this file are the only remaining limit on
# what backup_t can read and write.
allow backup_t self:capability dac_override;
# Presumably read/write on backup_store_t directories and files (macro
# defined elsewhere).
rw_dir_file(backup_t, backup_store_t)
# Additionally allow creating new files in the store and changing their
# attributes.
allow backup_t backup_store_t:file { create setattr };
# Query attributes of filesystems labelled fs_t (presumably for statfs-style
# free-space checks).
allow backup_t fs_t:filesystem getattr;
# Create and use Unix stream sockets labelled with its own domain.
allow backup_t self:unix_stream_socket create_socket_perms;
# Execute programs labelled bin_t (macro defined elsewhere).
# NOTE(review): presumably these run without a domain transition, i.e. with
# the full access of backup_t - confirm, and keep in mind that every bin_t
# helper the scripts call then inherits read access to all files.
can_exec(backup_t, bin_t)
# Only when hostname.te is defined: allow backup_t to execute files labelled
# hostname_exec_t (presumably staying in backup_t - confirm in the macro).
ifdef(`hostname.te', `can_exec(backup_t, hostname_exec_t)')