rpms / selinux-policy

Clone
Source Code
GIT

Blame mls/domains/program/unused/perdition.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   a5d54655dd1acde73925c1f1663abfb8b1cd5366
  2.   mls
  3.   domains
  4.   program
  5.   unused
  6.   perdition.te
Blob History Raw
Chris PeBenito 31b7c0 
#DESC Perdition POP and IMAP proxy
Chris PeBenito 31b7c0 
#
Chris PeBenito 31b7c0 
# Author:  Russell Coker <russell@coker.com.au>
Chris PeBenito 31b7c0 
# X-Debian-Packages: perdition
Chris PeBenito 31b7c0 
#
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
#################################
Chris PeBenito 31b7c0 
#
Chris PeBenito 31b7c0 
# Rules for the perdition_t domain.
Chris PeBenito 31b7c0 
#
Chris PeBenito 31b7c0 
daemon_domain(perdition)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
allow perdition_t pop_port_t:tcp_socket name_bind;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
etc_domain(perdition)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
# Use the network.
Chris PeBenito 31b7c0 
can_network_server(perdition_t)
Chris PeBenito 31b7c0 
allow perdition_t self:unix_stream_socket create_socket_perms;
Chris PeBenito 31b7c0 
allow perdition_t self:unix_dgram_socket create_socket_perms;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
# allow any domain to connect to the proxy
Chris PeBenito 31b7c0 
can_tcp_connect(userdomain, perdition_t)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
# Use capabilities
Chris PeBenito 31b7c0 
allow perdition_t self:capability { setgid setuid net_bind_service };
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0 
allow perdition_t etc_t:file { getattr read };
Chris PeBenito 31b7c0 
allow perdition_t etc_t:lnk_file read;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation