Blame strict/domains/program/radvd.te
|
Chris PeBenito |
0fbfa5 |
#DESC Radv - IPv6 route advisory daemon
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Author: Russell Coker <russell@coker.com.au>
|
|
Chris PeBenito |
0fbfa5 |
# X-Debian-Packages: radvd
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
#################################
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Rules for the radvd_t domain.
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
daemon_domain(radvd)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
etc_domain(radvd)
|
|
Chris PeBenito |
0fbfa5 |
allow radvd_t etc_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow radvd_t self:{ rawip_socket unix_dgram_socket } rw_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
2705f9 |
allow radvd_t self:capability { setgid setuid net_raw };
|
|
Chris PeBenito |
0fbfa5 |
allow radvd_t self:{ unix_dgram_socket rawip_socket } create;
|
|
Chris PeBenito |
0fbfa5 |
allow radvd_t self:unix_stream_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
can_network_server(radvd_t)
|
|
Chris PeBenito |
2705f9 |
can_ypbind(radvd_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
2705f9 |
allow radvd_t { proc_t proc_net_t }:dir r_dir_perms;
|
|
Chris PeBenito |
2705f9 |
allow radvd_t { proc_t proc_net_t }:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow radvd_t etc_t:lnk_file read;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow radvd_t sysctl_net_t:file r_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow radvd_t sysctl_net_t:dir r_dir_perms;
|