Tree - rpms/selinux-policy - CentOS Git server

rpms / selinux-policy

Blame strict/domains/program/unused/calamaris.te

Blob History Raw

Chris PeBenito	0fbfa5	`#DESC Calamaris - Squid log analysis`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	`# Author: Russell Coker <russell@coker.com.au>`
Chris PeBenito	0fbfa5	`# X-Debian-Packages: calamaris`
Chris PeBenito	0fbfa5	`# Depends: squid.te`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`#################################`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	`# Rules for the calamaris_t domain.`
Chris PeBenito	0fbfa5	`#`
Chris PeBenito	0fbfa5	`# calamaris_t is the domain the calamaris process runs in`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	system_domain(calamaris, `, privmail')
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	ifdef(`crond.te', `
Chris PeBenito	0fbfa5	`system_crond_entry(calamaris_exec_t, calamaris_t)`
Chris PeBenito	0fbfa5	`')`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`allow calamaris_t { var_t var_run_t }:dir { getattr search };`
Chris PeBenito	0fbfa5	`allow calamaris_t squid_log_t:dir search;`
Chris PeBenito	0fbfa5	`allow calamaris_t squid_log_t:file { getattr read };`
Chris PeBenito	0fbfa5	`allow calamaris_t { usr_t lib_t }:file { getattr read };`
Chris PeBenito	0fbfa5	`allow calamaris_t usr_t:lnk_file { getattr read };`
Chris PeBenito	0fbfa5	`dontaudit calamaris_t usr_t:file ioctl;`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`type calamaris_www_t, file_type, sysadmfile;`
Chris PeBenito	0fbfa5	ifdef(`apache.te', `
Chris PeBenito	0fbfa5	`allow calamaris_t httpd_sys_content_t:dir search;`
Chris PeBenito	0fbfa5	`')`
Chris PeBenito	0fbfa5	`rw_dir_create_file(calamaris_t, calamaris_www_t)`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`# for when squid has a different UID`
Chris PeBenito	0fbfa5	`allow calamaris_t self:capability dac_override;`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`logdir_domain(calamaris)`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`allow calamaris_t device_t:dir search;`
Chris PeBenito	0fbfa5	`allow calamaris_t devtty_t:chr_file { read write };`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`allow calamaris_t urandom_device_t:chr_file { getattr read };`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`allow calamaris_t self:process { fork signal_perms setsched };`
Chris PeBenito	0fbfa5	`read_sysctl(calamaris_t)`
Chris PeBenito	0fbfa5	`allow calamaris_t proc_t:dir search;`
Chris PeBenito	0fbfa5	`allow calamaris_t proc_t:file { getattr read };`
Chris PeBenito	0fbfa5	`allow calamaris_t { proc_t self }:lnk_file read;`
Chris PeBenito	0fbfa5	`allow calamaris_t self:dir search;`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`allow calamaris_t { bin_t sbin_t }:dir search;`
Chris PeBenito	0fbfa5	`allow calamaris_t bin_t:lnk_file read;`
Chris PeBenito	0fbfa5	`allow calamaris_t etc_runtime_t:file { getattr read };`
Chris PeBenito	0fbfa5	`allow calamaris_t self:fifo_file { getattr read write ioctl };`
Chris PeBenito	0fbfa5	`read_locale(calamaris_t)`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	`can_exec(calamaris_t, bin_t)`
Chris PeBenito	0fbfa5	`allow calamaris_t self:unix_stream_socket create_stream_socket_perms;`
Chris PeBenito	0fbfa5	`allow calamaris_t self:udp_socket create_socket_perms;`
Chris PeBenito	0fbfa5	`allow calamaris_t etc_t:file { getattr read };`
Chris PeBenito	0fbfa5	`allow calamaris_t etc_t:lnk_file read;`
Chris PeBenito	0fbfa5	`dontaudit calamaris_t etc_t:file ioctl;`
Chris PeBenito	0fbfa5	`dontaudit calamaris_t sysadm_home_dir_t:dir { getattr search };`
Chris PeBenito	0fbfa5	`can_network_server(calamaris_t)`
Chris PeBenito	0fbfa5	`can_ypbind(calamaris_t)`
Chris PeBenito	0fbfa5	ifdef(`named.te', `
Chris PeBenito	0fbfa5	`can_udp_send(calamaris_t, named_t)`
Chris PeBenito	0fbfa5	`can_udp_send(named_t, calamaris_t)`
Chris PeBenito	0fbfa5	`')`
Chris PeBenito	0fbfa5
Chris PeBenito	0fbfa5	ifdef(`apache.te', `
Chris PeBenito	0fbfa5	`r_dir_file(httpd_t, calamaris_www_t)`
Chris PeBenito	0fbfa5	`')`

rpms / selinux-policy

Source Code

Blame strict/domains/program/unused/calamaris.te