Blame strict/domains/program/unused/clockspeed.te
|
Chris PeBenito |
2705f9 |
#DESC clockspeed - Simple network time protocol client
|
|
Chris PeBenito |
2705f9 |
#
|
|
Chris PeBenito |
2705f9 |
# Author Petre Rodan <kaiowas@gentoo.org>
|
|
Chris PeBenito |
2705f9 |
#
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
daemon_base_domain(clockspeed)
|
|
Chris PeBenito |
2705f9 |
var_lib_domain(clockspeed)
|
|
Chris PeBenito |
2705f9 |
can_network(clockspeed_t)
|
|
Chris PeBenito |
2705f9 |
allow clockspeed_t port_type:tcp_socket name_connect;
|
|
Chris PeBenito |
2705f9 |
read_locale(clockspeed_t)
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
allow clockspeed_t self:capability { sys_time net_bind_service };
|
|
Chris PeBenito |
2705f9 |
allow clockspeed_t self:unix_dgram_socket create_socket_perms;
|
|
Chris PeBenito |
2705f9 |
allow clockspeed_t self:unix_stream_socket create_socket_perms;
|
|
Chris PeBenito |
2705f9 |
allow clockspeed_t clockspeed_port_t:udp_socket name_bind;
|
|
Chris PeBenito |
2705f9 |
allow clockspeed_t domain:packet_socket recvfrom;
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
allow clockspeed_t var_t:dir search;
|
|
Chris PeBenito |
2705f9 |
allow clockspeed_t clockspeed_var_lib_t:file create_file_perms;
|
|
Chris PeBenito |
2705f9 |
allow clockspeed_t clockspeed_var_lib_t:fifo_file create_file_perms;
|
|
Chris PeBenito |
2705f9 |
|
|
Chris PeBenito |
2705f9 |
# sysadm can play with clockspeed
|
|
Chris PeBenito |
2705f9 |
role sysadm_r types clockspeed_t;
|
|
Chris PeBenito |
a08248 |
ifdef(`targeted_policy', `', `
|
|
Chris PeBenito |
2705f9 |
domain_auto_trans( sysadm_t, clockspeed_exec_t, clockspeed_t)
|
|
Chris PeBenito |
a08248 |
')
|