Chris PeBenito 31b7c0
#DESC yppassdd - NIS password update daemon
Chris PeBenito 31b7c0
#
Chris PeBenito 31b7c0
# Authors:  Dan Walsh <dwalsh@redhat.com>
Chris PeBenito 31b7c0
# Depends: portmap.te
Chris PeBenito 31b7c0
#
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
#################################
Chris PeBenito 31b7c0
#
Chris PeBenito 31b7c0
# Rules for the yppasswdd_t domain.
Chris PeBenito 31b7c0
#
Chris PeBenito 31b7c0
daemon_domain(yppasswdd, `, auth_write, privowner')
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
# Use capabilities.
Chris PeBenito 31b7c0
allow yppasswdd_t self:capability { net_bind_service };
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
# Use the network.
Chris PeBenito 31b7c0
can_network_server(yppasswdd_t)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
read_sysctl(yppasswdd_t)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
# Send to portmap and initrc.
Chris PeBenito 31b7c0
can_udp_send(yppasswdd_t, portmap_t)
Chris PeBenito 31b7c0
can_udp_send(yppasswdd_t, initrc_t)
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
allow yppasswdd_t reserved_port_t:{ udp_socket tcp_socket } name_bind;
Chris PeBenito 31b7c0
dontaudit yppasswdd_t reserved_port_type:{ tcp_socket udp_socket } name_bind;
Chris PeBenito 31b7c0
allow yppasswdd_t self:netlink_route_socket r_netlink_socket_perms;
Chris PeBenito 31b7c0
Chris PeBenito 31b7c0
allow yppasswdd_t { etc_t etc_runtime_t }:file { getattr read };
Chris PeBenito 31b7c0
allow yppasswdd_t self:unix_dgram_socket create_socket_perms;
Chris PeBenito 31b7c0
allow yppasswdd_t self:unix_stream_socket create_stream_socket_perms;
Chris PeBenito 31b7c0
file_type_auto_trans(yppasswdd_t, etc_t, shadow_t, file)
Chris PeBenito 31b7c0
allow yppasswdd_t { etc_t shadow_t }:file { relabelfrom relabelto };
Chris PeBenito 31b7c0
can_setfscreate(yppasswdd_t)
Chris PeBenito 31b7c0
allow yppasswdd_t proc_t:file getattr;
Chris PeBenito 31b7c0
allow yppasswdd_t { bin_t sbin_t }:dir search;
Chris PeBenito 31b7c0
allow yppasswdd_t bin_t:lnk_file read;
Chris PeBenito 31b7c0
can_exec(yppasswdd_t, { bin_t shell_exec_t hostname_exec_t })
Chris PeBenito 31b7c0
allow yppasswdd_t self:fifo_file rw_file_perms;
Chris PeBenito 31b7c0
rw_dir_create_file(yppasswdd_t, var_yp_t)