Blame targeted/domains/program/cvs.te
|
Chris PeBenito |
ab58ad |
#DESC cvs - Concurrent Versions System
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
# Author: Dan Walsh <dwalsh@redhat.com>
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
# Depends: inetd.te
|
|
Chris PeBenito |
ab58ad |
|
|
Chris PeBenito |
ab58ad |
#################################
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
# Rules for the cvs_t domain.
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
# cvs_exec_t is the type of the cvs executable.
|
|
Chris PeBenito |
ab58ad |
#
|
|
Chris PeBenito |
ab58ad |
|
|
Chris PeBenito |
ab58ad |
inetd_child_domain(cvs, tcp)
|
|
Chris PeBenito |
ab58ad |
typeattribute cvs_t privmail;
|
|
Chris PeBenito |
ab58ad |
typeattribute cvs_t auth_chkpwd;
|
|
Chris PeBenito |
ab58ad |
|
|
Chris PeBenito |
ab58ad |
type cvs_data_t, file_type, sysadmfile, customizable;
|
|
Chris PeBenito |
ab58ad |
create_dir_file(cvs_t, cvs_data_t)
|
|
Chris PeBenito |
ab58ad |
can_exec(cvs_t, { bin_t sbin_t shell_exec_t })
|
|
Chris PeBenito |
ab58ad |
allow cvs_t bin_t:dir search;
|
|
Chris PeBenito |
ab58ad |
allow cvs_t { bin_t sbin_t }:lnk_file read;
|
|
Chris PeBenito |
ab58ad |
allow cvs_t etc_runtime_t:file { getattr read };
|
|
Chris PeBenito |
ab58ad |
allow system_mail_t cvs_data_t:file { getattr read };
|
|
Chris PeBenito |
ab58ad |
dontaudit cvs_t devtty_t:chr_file { read write };
|
|
Chris PeBenito |
ab58ad |
ifdef(`kerberos.te', `
|
|
Chris PeBenito |
ab58ad |
# Allow kerberos to work
|
|
Chris PeBenito |
ab58ad |
allow cvs_t { krb5_keytab_t krb5_conf_t }:file r_file_perms;
|
|
Chris PeBenito |
ab58ad |
dontaudit cvs_t krb5_conf_t:file write;
|
|
Chris PeBenito |
ab58ad |
')
|
|
Chris PeBenito |
ab58ad |
|