Blame strict/domains/program/unused/ciped.te
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Set up the ciped daemon domain through the daemon_base_domain macro, whose
# definition is outside this file. The rules below use ciped_t and ciped_exec_t,
# which are presumably declared by this macro (confirm against its definition).
daemon_base_domain(ciped)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# for SSP (stack-smashing protector), which seeds its guard value from urandom
|
|
Chris PeBenito |
0fbfa5 |
# Read-only access to character devices labelled urandom_device_t; the rule
# grants neither getattr nor write.
allow ciped_t urandom_device_t:chr_file read;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
2705f9 |
# cipe uses the afs3-bos port (udp 7007)
|
|
Chris PeBenito |
2705f9 |
# Allow ciped_t to bind UDP sockets to ports labelled afs_bos_port_t.
# NOTE(review): the grant is by port type, so it covers every port that carries
# this label, not only the one ciped uses - confirm the port labelling.
allow ciped_t afs_bos_port_t:udp_socket name_bind;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# UDP networking for ciped_t through the can_network_udp macro.
# NOTE(review): the macro's expansion is not visible here; check which node,
# interface and port types it opens before treating this as least privilege.
can_network_udp(ciped_t)
|
|
Chris PeBenito |
0fbfa5 |
# NIS (ypbind) access for ciped_t through the can_ypbind macro.
# NOTE(review): presumably widens network access when NIS is enabled - confirm
# that ciped really needs NIS lookups, otherwise drop this line.
can_ypbind(ciped_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Path lookup (search) in directories labelled devpts_t; this rule gives no
# access to the pty device nodes themselves.
allow ciped_t devpts_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
# Read and write character devices labelled devtty_t (presumably /dev/tty, the
# controlling terminal - confirm against the file contexts).
allow ciped_t devtty_t:chr_file { read write };
|
|
Chris PeBenito |
0fbfa5 |
# Read-only access (getattr, read) to files labelled etc_runtime_t.
allow ciped_t etc_runtime_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
# Read-only access (getattr, read) to files labelled etc_t.
# NOTE(review): etc_t is presumably the generic label for configuration files,
# so sensitive files need a more specific type to stay out of reach of this rule.
allow ciped_t etc_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
# Read-only access (getattr, read) to files labelled proc_t (presumably the
# generic /proc entries - confirm).
allow ciped_t proc_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
# List and traverse directories labelled bin_t or sbin_t, presumably so that
# the programs covered by the can_exec rule in this file can be located.
allow ciped_t { bin_t sbin_t }:dir { getattr search read };
|
|
Chris PeBenito |
0fbfa5 |
# Read (follow) symbolic links labelled bin_t.
allow ciped_t bin_t:lnk_file read;
|
|
Chris PeBenito |
0fbfa5 |
# Let ciped_t execute files labelled bin_t, ciped_exec_t and shell_exec_t.
# NOTE(review): can_exec presumably runs the program without a domain
# transition, so a shell or helper started by ciped keeps every permission of
# ciped_t, including the capabilities granted in this file - confirm against
# the macro, and prefer a dedicated domain for helper scripts.
can_exec(ciped_t, { bin_t ciped_exec_t shell_exec_t })
|
|
Chris PeBenito |
0fbfa5 |
# Read/write on the domain's own FIFOs (pipes); rw_file_perms is a permission
# set defined outside this file.
allow ciped_t self:fifo_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Locale data access for ciped_t through the read_locale macro (defined
# outside this file).
read_locale(ciped_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Capabilities held by ciped_t: net_admin (network configuration), ipc_lock
# (locking memory) and sys_tty_config (tty configuration).
# NOTE(review): net_admin is broad; anything ciped executes under the can_exec
# rule in this file would presumably run with it as well - confirm each
# capability is still required.
allow ciped_t self:capability { net_admin ipc_lock sys_tty_config };
|
|
Chris PeBenito |
0fbfa5 |
# Create and use the domain's own Unix datagram sockets; create_socket_perms
# is a permission set defined outside this file.
allow ciped_t self:unix_dgram_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
# Create and use the domain's own Unix stream sockets; create_socket_perms
# is a permission set defined outside this file.
allow ciped_t self:unix_stream_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Read-only access (getattr, read) to character devices labelled
# random_device_t (presumably /dev/random - confirm); write is not granted.
allow ciped_t random_device_t:chr_file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Suppress audit messages for denied searches of var_t directories by ciped_t;
# a dontaudit rule grants nothing.
# NOTE(review): these denials will not appear in the audit log, so disable
# dontaudit rules when investigating what ciped is attempting to access.
dontaudit ciped_t var_t:dir search;
|