rpms / selinux-policy

Clone
Source Code
GIT

Blame strict/domains/program/yppasswdd.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   ba35e4d410e53e771fdce6210ccab352c7f931d8
  2.   strict
  3.   domains
  4.   program
  5.   yppasswdd.te
Blob History Raw
Chris PeBenito 77f6e2 
#DESC yppassdd - NIS password update daemon
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2 
# Authors:  Dan Walsh <dwalsh@redhat.com>
Chris PeBenito 77f6e2 
# Depends: portmap.te
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2
Chris PeBenito 77f6e2 
#################################
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2 
# Rules for the yppasswdd_t domain.
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2 
daemon_domain(yppasswdd, `, auth_write, privowner')
Chris PeBenito 77f6e2
Chris PeBenito 77f6e2 
# Use capabilities.
Chris PeBenito 77f6e2 
allow yppasswdd_t self:capability { net_bind_service };
Chris PeBenito 77f6e2
Chris PeBenito 77f6e2 
# Use the network.
Chris PeBenito 77f6e2 
can_network_server(yppasswdd_t)
Chris PeBenito 77f6e2
Chris PeBenito 77f6e2 
read_sysctl(yppasswdd_t)
Chris PeBenito 77f6e2
Chris PeBenito 77f6e2 
# Send to portmap and initrc.
Chris PeBenito 77f6e2 
can_udp_send(yppasswdd_t, portmap_t)
Chris PeBenito 77f6e2 
can_udp_send(yppasswdd_t, initrc_t)
Chris PeBenito 77f6e2
Chris PeBenito 77f6e2 
allow yppasswdd_t reserved_port_t:{ udp_socket tcp_socket } name_bind;
Chris PeBenito 77f6e2 
dontaudit yppasswdd_t reserved_port_type:{ tcp_socket udp_socket } name_bind;
Chris PeBenito 77f6e2 
allow yppasswdd_t self:netlink_route_socket r_netlink_socket_perms;
Chris PeBenito 77f6e2
Chris PeBenito 77f6e2 
allow yppasswdd_t { etc_t etc_runtime_t }:file { getattr read };
Chris PeBenito 77f6e2 
allow yppasswdd_t self:unix_dgram_socket create_socket_perms;
Chris PeBenito 77f6e2 
allow yppasswdd_t self:unix_stream_socket create_stream_socket_perms;
Chris PeBenito 77f6e2 
file_type_auto_trans(yppasswdd_t, etc_t, shadow_t, file)
Chris PeBenito 77f6e2 
allow yppasswdd_t { etc_t shadow_t }:file { relabelfrom relabelto };
Chris PeBenito 77f6e2 
can_setfscreate(yppasswdd_t)
Chris PeBenito 77f6e2 
allow yppasswdd_t proc_t:file getattr;
Chris PeBenito 77f6e2 
allow yppasswdd_t { bin_t sbin_t }:dir search;
Chris PeBenito 77f6e2 
allow yppasswdd_t bin_t:lnk_file read;
Chris PeBenito 77f6e2 
can_exec(yppasswdd_t, { bin_t shell_exec_t hostname_exec_t })
Chris PeBenito 77f6e2 
allow yppasswdd_t self:fifo_file rw_file_perms;
Chris PeBenito 77f6e2 
rw_dir_create_file(yppasswdd_t, var_yp_t)

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation