|
Chris PeBenito |
0fbfa5 |
#DESC ddclient - Update dynamic IP address at DynDNS.org
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Author: Greg Norris <haphazard@kc.rr.com>
|
|
Chris PeBenito |
0fbfa5 |
# X-Debian-Packages: ddclient
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
#################################
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Rules for the ddclient_t domain.
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
daemon_domain(ddclient);
|
|
Chris PeBenito |
0fbfa5 |
type ddclient_etc_t, file_type, sysadmfile;
|
|
Chris PeBenito |
0fbfa5 |
type ddclient_var_t, file_type, sysadmfile;
|
|
Chris PeBenito |
0fbfa5 |
log_domain(ddclient)
|
|
Chris PeBenito |
0fbfa5 |
var_lib_domain(ddclient)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
base_file_read_access(ddclient_t)
|
|
Chris PeBenito |
0fbfa5 |
can_exec(ddclient_t, { shell_exec_t bin_t })
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# ddclient can be launched by pppd
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`pppd.te',`domain_auto_trans(pppd_t, ddclient_exec_t, ddclient_t)')
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# misc. requirements
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t self:fifo_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t self:socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t etc_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t etc_runtime_t:file r_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t ifconfig_exec_t:file { rx_file_perms execute_no_trans };
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t urandom_device_t:chr_file { read };
|
|
Chris PeBenito |
0fbfa5 |
general_proc_read_access(ddclient_t)
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t sysctl_net_t:dir { search };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# network-related goodies
|
|
Chris PeBenito |
0fbfa5 |
can_network_client(ddclient_t)
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t self:unix_dgram_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t self:unix_stream_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# allow access to ddclient.conf and ddclient.cache
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t ddclient_etc_t:file r_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t ddclient_var_t:dir rw_dir_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow ddclient_t ddclient_var_t:file create_file_perms;
|