#DESC dante - socks daemon
#
# Author: petre rodan <kaiowas@gentoo.org>
#

# Type enforcement rules confining the dante SOCKS daemon to the dante_t domain.
# Every access listed below is an explicit grant. The two macros called
# after the type declarations are defined outside this file, so the full
# permission set of dante_t also depends on their expansion.

# Label for the daemon configuration files. The attributes mark it as a
# file type and as sysadmfile.
# NOTE(review): what sysadmfile grants to admin domains is decided by rules
# elsewhere; confirm that this is the intended audience for the config.
type dante_conf_t, file_type, sysadmfile;
# Label for the port the daemon listens on. Which port numbers carry this
# label is configured elsewhere and is not visible here.
type socks_port_t, port_type;

# Presumably declares dante_t, its executable type and the standard daemon
# transition rules; dante_t is used below but never declared in this file.
# TODO confirm against the macro definition.
daemon_domain(dante)
# Presumably grants the generic network access a listening server needs.
# NOTE(review): this is the widest grant in the file; check the macro
# expansion when auditing what a compromised daemon could reach.
can_network_server(dante_t)

# Read and write on FIFOs owned by the domain itself only.
allow dante_t self:fifo_file { read write };
# setuid is the only capability granted by this rule.
# NOTE(review): presumably used to switch to an unprivileged user after
# startup; confirm that the daemon configuration actually drops privileges.
allow dante_t self:capability { setuid };
# Local sockets owned by the domain itself. No read on datagram sockets,
# which fits a write-only use such as logging. TODO confirm.
allow dante_t self:unix_dgram_socket { connect create write };
allow dante_t self:unix_stream_socket { connect create read setopt write };

# Lets the daemon bind TCP sockets to ports labeled socks_port_t. No rule
# in this file grants name_bind on any other port type.
allow dante_t socks_port_t:tcp_socket name_bind;

# Read access to files labeled etc_t or etc_runtime_t. r_file_perms is a
# permission set defined elsewhere; by its name it is read-only.
# TODO confirm against the macro definition.
allow dante_t { etc_t etc_runtime_t }:file r_file_perms;
# Presumably read-only access to directories and files labeled dante_conf_t.
# No rule in this file lets the daemon modify its own configuration.
r_dir_file(dante_t, dante_conf_t)