# SELinux reference-policy module for the rpcbind daemon (module name, version).
policy_module(rpcbind, 1.5.0)

########################################
#
# Declarations
#

# rpcbind_t is the process domain and rpcbind_exec_t labels the daemon
# executable. init_daemon_domain() registers the pair as a daemon started by
# init, so the label on the binary controls what may enter rpcbind_t.
type rpcbind_t;
type rpcbind_exec_t;
init_daemon_domain(rpcbind_t, rpcbind_exec_t)

# Label for the init script that controls the service.
type rpcbind_initrc_exec_t;
init_script_file(rpcbind_initrc_exec_t)

# Runtime objects kept in the pid directory (files and socket files, per the
# filetrans rule in the local policy section).
type rpcbind_var_run_t;
files_pid_file(rpcbind_var_run_t)

# Private state kept under the var lib tree. A dedicated type keeps this data
# separate from the generic var lib label shared by other services.
type rpcbind_var_lib_t;
files_type(rpcbind_var_lib_t)
########################################
#
# rpcbind local policy
#

# Capabilities the domain may use. dac_override lets the process bypass
# ordinary file permission checks and is the broadest grant on this line.
# NOTE(review): setgid and setuid presumably exist so the daemon can switch to
# an unprivileged account after startup - confirm, and check whether
# dac_override is still required by the rpcbind build in use.
allow rpcbind_t self:capability { dac_override setgid setuid sys_tty_config };
allow rpcbind_t self:fifo_file rw_file_perms;
allow rpcbind_t self:unix_stream_socket create_stream_socket_perms;
# Read-only netlink route access (r_ permission set, no write to routing state).
allow rpcbind_t self:netlink_route_socket r_netlink_socket_perms;
# The daemon creates its own UDP and TCP sockets; which ports it may bind is
# decided by the corenet rules further down, not by these lines.
allow rpcbind_t self:udp_socket create_socket_perms;
allow rpcbind_t self:tcp_socket create_stream_socket_perms;

# Full management of files and socket files labelled rpcbind_var_run_t. The
# filetrans rule makes files and socket files that rpcbind_t creates in the
# pid directory receive that private label instead of the directory label.
manage_files_pattern(rpcbind_t, rpcbind_var_run_t, rpcbind_var_run_t)
manage_sock_files_pattern(rpcbind_t, rpcbind_var_run_t, rpcbind_var_run_t)
files_pid_filetrans(rpcbind_t, rpcbind_var_run_t, { file sock_file })

# Same arrangement for the var lib tree, here also covering directories.
manage_dirs_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
manage_files_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
manage_sock_files_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
files_var_lib_filetrans(rpcbind_t, rpcbind_var_lib_t, { file dir sock_file })
# Read access to kernel system state and network state.
kernel_read_system_state(rpcbind_t)
kernel_read_network_state(rpcbind_t)
# Lets the domain ask the kernel to load a module on demand.
# NOTE(review): a network-facing domain that can trigger module loading is
# worth a second look - confirm which module is needed and whether it can be
# loaded at boot so this grant can be dropped.
kernel_request_load_module(rpcbind_t)

# Network access. Packets are accepted from unlabeled and NetLabel peers, and
# traffic uses the generic interface and generic node types, so this module
# expresses no per-interface or per-address restriction.
corenet_all_recvfrom_unlabeled(rpcbind_t)
corenet_all_recvfrom_netlabel(rpcbind_t)
corenet_tcp_sendrecv_generic_if(rpcbind_t)
corenet_udp_sendrecv_generic_if(rpcbind_t)
corenet_tcp_sendrecv_generic_node(rpcbind_t)
corenet_udp_sendrecv_generic_node(rpcbind_t)
# Send and receive is allowed on every port type for both TCP and UDP.
# NOTE(review): this is wider than the bind rules below; network exposure of
# the service has to be limited by host or network filtering, not by this
# policy.
corenet_tcp_sendrecv_all_ports(rpcbind_t)
corenet_udp_sendrecv_all_ports(rpcbind_t)
corenet_tcp_bind_generic_node(rpcbind_t)
corenet_udp_bind_generic_node(rpcbind_t)
# Port binding is granted only for the portmap port type (TCP and UDP) and,
# for UDP only, the rpc port types.
corenet_tcp_bind_portmap_port(rpcbind_t)
corenet_udp_bind_portmap_port(rpcbind_t)
corenet_udp_bind_all_rpc_ports(rpcbind_t)
# Use of file descriptors inherited from interactive sessions.
domain_use_interactive_fds(rpcbind_t)

# Read-only access to configuration under etc, including runtime-generated
# files; no write interface for etc is granted in this module.
files_read_etc_files(rpcbind_t)
files_read_etc_runtime_files(rpcbind_t)

# Logging goes through syslog rather than a private log file type.
logging_send_syslog_msg(rpcbind_t)

miscfiles_read_localization(rpcbind_t)

# Name resolution for the daemon.
sysnet_dns_name_resolve(rpcbind_t)

# Build-time option: when hide_broken_symptoms is defined, a denied listen
# call on the domain UDP socket is still denied but no longer audited.
# dontaudit rules remove AVC denials from the audit log, so when investigating
# this domain rebuild the policy with dontaudit rules disabled (semodule -DB)
# to see the suppressed denials.
ifdef(`hide_broken_symptoms',`
	dontaudit rpcbind_t self:udp_socket listen;
')