Chris PeBenito 0fbfa5
#DESC canna - A Japanese character set input system.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# Authors: Dan Walsh <dwalsh@redhat.com>
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
#################################
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# Rules for the canna_t domain.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
daemon_domain(canna)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
file_type_auto_trans(canna_t, var_run_t, canna_var_run_t, sock_file)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
logdir_domain(canna)
Chris PeBenito 0fbfa5
var_lib_domain(canna)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
allow canna_t self:capability { setgid setuid net_bind_service };
Chris PeBenito 0fbfa5
allow canna_t tmp_t:dir { search };
Chris PeBenito 0fbfa5
allow canna_t self:unix_stream_socket { connectto create_stream_socket_perms};
Chris PeBenito 0fbfa5
allow canna_t self:unix_dgram_socket create_stream_socket_perms;
Chris PeBenito 0fbfa5
allow canna_t etc_t:file { getattr read };
Chris PeBenito 0fbfa5
allow canna_t usr_t:file { getattr read };
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
allow canna_t proc_t:file r_file_perms;
Chris PeBenito 0fbfa5
allow canna_t etc_runtime_t:file r_file_perms;
Chris PeBenito 0fbfa5
allow canna_t canna_var_lib_t:dir create;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
rw_dir_create_file(canna_t, canna_var_lib_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
can_network_tcp(canna_t)
Chris PeBenito 2705f9
allow canna_t port_type:tcp_socket name_connect;
Chris PeBenito 0fbfa5
can_ypbind(canna_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
allow userdomain canna_var_run_t:dir search;
Chris PeBenito 0fbfa5
allow userdomain canna_var_run_t:sock_file write;
Chris PeBenito 0fbfa5
can_unix_connect(userdomain, canna_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
ifdef(`i18n_input.te', `
Chris PeBenito 0fbfa5
allow i18n_input_t canna_var_run_t:dir search;
Chris PeBenito 0fbfa5
allow i18n_input_t canna_var_run_t:sock_file write;
Chris PeBenito 0fbfa5
can_unix_connect(i18n_input_t, canna_t)
Chris PeBenito 0fbfa5
')
Chris PeBenito 0fbfa5
Chris PeBenito 2705f9
dontaudit canna_t kernel_t:fd use;
Chris PeBenito 2705f9
dontaudit canna_t root_t:file read;