Tree - rpms/selinux-policy - CentOS Git server

rpms / selinux-policy

Blame targeted/macros/program/razor_macros.te

Blob History Raw

Chris PeBenito	ab58ad	`#`
Chris PeBenito	ab58ad	`# Razor - Razor is a collaborative, networked system to detect and`
Chris PeBenito	ab58ad	`# block spam using identifying digests of messages.`
Chris PeBenito	ab58ad	`#`
Chris PeBenito	ab58ad	`# Author: David Hampton <hampton@employees.org>`
Chris PeBenito	ab58ad	`#`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`##########`
Chris PeBenito	ab58ad	`# common definitions for razord and all flavors of razor`
Chris PeBenito	ab58ad	`##########`
Chris PeBenito	ab58ad	define(`razor_base_domain',`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`# Razor is one executable and several symlinks`
Chris PeBenito	ab58ad	`allow $1_t razor_exec_t:{ file lnk_file } { getattr read };`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`# Networking`
Chris PeBenito	ab58ad	`can_network_client_tcp($1_t, razor_port_t)`
Chris PeBenito	ab58ad	`can_resolve($1_t);`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`general_proc_read_access($1_t)`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`# Read system config file`
Chris PeBenito	ab58ad	`r_dir_file($1_t, razor_etc_t)`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`# Update razor common files`
Chris PeBenito	ab58ad	`file_type_auto_trans($1_t, var_log_t, razor_log_t, file)`
Chris PeBenito	ab58ad	`create_dir_file($1_t, razor_log_t)`
Chris PeBenito	ab58ad	`allow $1_t var_lib_t:dir search;`
Chris PeBenito	ab58ad	`create_dir_file($1_t, razor_var_lib_t)`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`allow $1_t bin_t:dir { getattr search };`
Chris PeBenito	ab58ad	`allow $1_t bin_t:file getattr;`
Chris PeBenito	ab58ad	`allow $1_t lib_t:file { getattr read };`
Chris PeBenito	ab58ad	`allow $1_t { var_t var_run_t }:dir search;`
Chris PeBenito	ab58ad	`uses_shlib($1_t)`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`# Razor forks other programs to do part of its work.`
Chris PeBenito	ab58ad	`general_domain_access($1_t)`
Chris PeBenito	ab58ad	`can_exec($1_t, bin_t)`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`# mktemp and other randoms`
Chris PeBenito	ab58ad	`allow $1_t { random_device_t urandom_device_t }:chr_file r_file_perms;`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`# Allow access to various files in the /etc/directory including mtab`
Chris PeBenito	ab58ad	`# and nsswitch`
Chris PeBenito	ab58ad	`allow $1_t { etc_t etc_runtime_t }:file { getattr read };`
Chris PeBenito	ab58ad	`read_locale($1_t)`
Chris PeBenito	ab58ad	`')`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`#`
Chris PeBenito	ab58ad	`# Define a user domain for a razor`
Chris PeBenito	ab58ad	`#`
Chris PeBenito	ab58ad	`# Note: expects to be called with an argument of user, sysadm`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	define(`razor_domain',`
Chris PeBenito	ab58ad	`type $1_razor_t, domain, privlog, nscd_client_domain;`
Chris PeBenito	ab58ad	`role $1_r types $1_razor_t;`
Chris PeBenito	ab58ad	`domain_auto_trans($1_t, razor_exec_t, $1_razor_t)`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`razor_base_domain($1_razor)`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`# Per-user config/data files`
Chris PeBenito	ab58ad	`home_domain($1, razor)`
Chris PeBenito	ab58ad	`file_type_auto_trans($1_razor_t, $1_home_dir_t, $1_razor_home_t, dir)`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`tmp_domain($1_razor)`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`allow $1_razor_t self:unix_stream_socket create_stream_socket_perms;`
Chris PeBenito	ab58ad
Chris PeBenito	ab58ad	`# Allow razor to be run by hand. Needed by any action other than`
Chris PeBenito	ab58ad	`# invocation from a spam filter.`
Chris PeBenito	ab58ad	`can_access_pty($1_razor_t, $1)`
Chris PeBenito	ab58ad	`allow $1_razor_t sshd_t:fd use;`
Chris PeBenito	ab58ad	`')`

rpms / selinux-policy

Source Code

Blame targeted/macros/program/razor_macros.te