Tree - rpms/selinux-policy - CentOS Git server

Blob History Raw

Chris PeBenito	0fbfa5	`#DESC dmesg - control kernel ring buffer`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	`# Author: Dan Walsh dwalsh@redhat.com`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	`# X-Debian-Packages: util-linux`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`#################################`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	`# Rules for the dmesg_t domain.`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	`# dmesg_exec_t is the type of the dmesg executable.`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	`# while sysadm_t has the sys_admin capability there is no point in using`
Chris PeBenito	0fbfa5	`# dmesg_t when run from sysadm_t, so we use nosysadm.`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	daemon_base_domain(dmesg, , `nosysadm')
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	`# Rules used for dmesg`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	`allow dmesg_t self:capability sys_admin;`
Chris PeBenito	0fbfa5	`allow dmesg_t kernel_t:system { syslog_read syslog_console syslog_mod };`
Chris PeBenito	0fbfa5	`allow dmesg_t admin_tty_type:chr_file { getattr read write };`
Chris PeBenito	0fbfa5	`allow dmesg_t sysadm_tty_device_t:chr_file ioctl;`
Chris PeBenito	0fbfa5	`allow dmesg_t var_log_t:file { getattr write };`
Chris PeBenito	0fbfa5	`read_locale(dmesg_t)`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`# for when /usr is not mounted`
Chris PeBenito	0fbfa5	`dontaudit dmesg_t file_t:dir search;`