Blame strict/domains/program/hostname.te
|
Chris PeBenito |
0fbfa5 |
#DESC hostname - show or set the system host name
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Author: Russell Coker <russell@coker.com.au>
|
|
Chris PeBenito |
0fbfa5 |
# X-Debian-Packages: hostname
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# for setting the hostname
|
|
Chris PeBenito |
0fbfa5 |
daemon_base_domain(hostname, , nosysadm)
|
|
Chris PeBenito |
0fbfa5 |
role sysadm_r types hostname_t;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow hostname_t self:capability sys_admin;
|
|
Chris PeBenito |
0fbfa5 |
allow hostname_t etc_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow hostname_t { user_tty_type admin_tty_type }:chr_file { getattr read write };
|
|
Chris PeBenito |
0fbfa5 |
read_locale(hostname_t)
|
|
Chris PeBenito |
0fbfa5 |
can_resolve(hostname_t)
|
|
Chris PeBenito |
0fbfa5 |
allow hostname_t userdomain:fd use;
|
|
Chris PeBenito |
0fbfa5 |
dontaudit hostname_t kernel_t:fd use;
|
|
Chris PeBenito |
0fbfa5 |
allow hostname_t net_conf_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow hostname_t self:unix_stream_socket create_stream_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
dontaudit hostname_t var_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
allow hostname_t fs_t:filesystem getattr;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# for when /usr is not mounted
|
|
Chris PeBenito |
0fbfa5 |
dontaudit hostname_t file_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`distro_redhat', `
|
|
Chris PeBenito |
0fbfa5 |
allow hostname_t tmpfs_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
')
|