|
|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(turnserver, 0.1.8)
|
|
|
+policy_module(turnserver, 0.1.9)
|
|
|
|
|
|
########################################
|
|
|
#
|
|
|
@@ -23,6 +23,8 @@ files_pid_file(turnserver_var_run_t)
|
|
|
type turnserver_var_log_t;
|
|
|
logging_log_file(turnserver_var_log_t)
|
|
|
|
|
|
+type turnserver_var_t;
|
|
|
+files_type(turnserver_var_t)
|
|
|
|
|
|
type turnserver_tmp_t;
|
|
|
files_tmp_file(turnserver_tmp_t)
|
|
|
@@ -34,10 +36,14 @@ files_tmp_file(turnserver_tmp_t)
|
|
|
|
|
|
allow turnserver_t self:tcp_socket { bind create setopt listen };
|
|
|
allow turnserver_t self:udp_socket { getopt create setopt bind };
|
|
|
-allow turnserver_t self:capability { setuid setgid dac_override };
|
|
|
+allow turnserver_t self:capability { setuid setgid };
|
|
|
allow turnserver_t self:process signal;
|
|
|
allow turnserver_t self:tcp_socket accept;
|
|
|
+allow turnserver_t self:rawip_socket { bind create listen setopt };
|
|
|
|
|
|
+manage_dirs_pattern(turnserver_t, turnserver_var_t, turnserver_var_t)
|
|
|
+manage_files_pattern(turnserver_t, turnserver_var_t, turnserver_var_t)
|
|
|
+type_transition turnserver_t turnserver_var_t:file turnserver_var_t;
|
|
|
|
|
|
read_files_pattern(turnserver_t, turnserver_etc_t, turnserver_etc_t)
|
|
|
|
|
|
@@ -58,7 +64,18 @@ corenet_udp_bind_all_unreserved_ports(turnserver_t)
|
|
|
|
|
|
corenet_tcp_bind_generic_node(turnserver_t)
|
|
|
corenet_udp_bind_generic_node(turnserver_t)
|
|
|
+corenet_raw_bind_generic_node(turnserver_t)
|
|
|
|
|
|
miscfiles_read_localization(turnserver_t)
|
|
|
dev_read_urand(turnserver_t)
|
|
|
auth_use_nsswitch(turnserver_t)
|
|
|
+
|
|
|
+kernel_request_load_module(turnserver_t)
|
|
|
+
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type port_t;
|
|
|
+ ')
|
|
|
+ allow turnserver_t port_t:rawip_socket name_bind;
|
|
|
+')
|
|
|
+
|
