Blame targeted/domains/program/avahi.te
|
Chris PeBenito |
062e17 |
#DESC avahi - mDNS/DNS-SD daemon implementing Appleās ZeroConf architecture
|
|
Chris PeBenito |
062e17 |
#
|
|
Chris PeBenito |
062e17 |
# Author: Dan Walsh <dwalsh@redhat.com>
|
|
Chris PeBenito |
062e17 |
#
|
|
Chris PeBenito |
062e17 |
|
|
Chris PeBenito |
062e17 |
daemon_domain(avahi, `, privsysmod')
|
|
Chris PeBenito |
062e17 |
r_dir_file(avahi_t, proc_net_t)
|
|
Chris PeBenito |
062e17 |
can_network_server(avahi_t)
|
|
Chris PeBenito |
062e17 |
can_ypbind(avahi_t)
|
|
Chris PeBenito |
062e17 |
allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms };
|
|
Chris PeBenito |
062e17 |
allow avahi_t self:unix_dgram_socket create_socket_perms;
|
|
Chris PeBenito |
062e17 |
allow avahi_t self:capability { dac_override setgid chown kill setuid };
|
|
Chris PeBenito |
062e17 |
allow avahi_t urandom_device_t:chr_file r_file_perms;
|
|
Chris PeBenito |
062e17 |
allow avahi_t howl_port_t:{ udp_socket tcp_socket } name_bind;
|
|
Chris PeBenito |
062e17 |
allow avahi_t self:fifo_file { read write };
|
|
Chris PeBenito |
062e17 |
allow avahi_t self:netlink_route_socket r_netlink_socket_perms;
|
|
Chris PeBenito |
062e17 |
allow avahi_t self:process setrlimit;
|
|
Chris PeBenito |
062e17 |
allow avahi_t etc_t:file { getattr read };
|
|
Chris PeBenito |
062e17 |
allow avahi_t initrc_t:process { signal signull };
|
|
Chris PeBenito |
062e17 |
allow avahi_t system_dbusd_t:dbus { acquire_svc send_msg };
|
|
Chris PeBenito |
062e17 |
allow avahi_t avahi_var_run_t:dir setattr;
|
|
Chris PeBenito |
062e17 |
allow avahi_t avahi_var_run_t:sock_file create_file_perms;
|
|
Chris PeBenito |
062e17 |
|
|
Chris PeBenito |
062e17 |
ifdef(`dbusd.te', `
|
|
Chris PeBenito |
062e17 |
dbusd_client(system, avahi)
|
|
Chris PeBenito |
062e17 |
allow avahi_t unconfined_t:dbus send_msg;
|
|
Chris PeBenito |
062e17 |
allow unconfined_t avahi_t:dbus send_msg;
|
|
Chris PeBenito |
062e17 |
')
|
|
Chris PeBenito |
062e17 |
|