hostname.te 1.7 KB

  1. policy_module(hostname, 1.9.1)  # module name and module version
  2. ########################################
  3. #
  4. # Declarations: the hostname_t process domain and its hostname_exec_t entry point label
  5. #
  6. type hostname_t;  # type the confined process runs as
  7. type hostname_exec_t;  # type for the executable file that enters hostname_t
  8. init_system_domain(hostname_t, hostname_exec_t)  # refpolicy init interface (body outside this file): makes hostname_t a domain entered through hostname_exec_t when started from init scripts
  9. role system_r types hostname_t;  # authorizes hostname_t under the system_r role
  10. ########################################
  11. #
  12. # Local policy: rules that grant (allow) or silently deny (dontaudit) access for hostname_t
  13. # Troubleshooting: dontaudit hides AVC denials; semodule -DB rebuilds policy with dontaudit rules disabled
  14. # for setting the hostname: sethostname(2) requires CAP_SYS_ADMIN, granted by the self:capability rule below
  15. allow hostname_t self:process { sigchld sigkill sigstop signull signal };  # signals to its own domain only (self)
  16. allow hostname_t self:capability sys_admin;  # NOTE(review): sys_admin is a broad capability and SELinux checks it as a whole, not per operation; the confinement comes from the other rules here and from which labels may enter hostname_t
  17. allow hostname_t self:unix_stream_socket create_stream_socket_perms;  # unix stream sockets within its own domain
  18. dontaudit hostname_t self:capability sys_tty_config;  # still denied, just not logged
  19. kernel_list_proc(hostname_t)
  20. kernel_read_proc_symlinks(hostname_t)
  21. # for when /usr is not mounted:
  22. kernel_dontaudit_search_unlabeled(hostname_t)
  23. dev_read_sysfs(hostname_t)
  24. # Early devtmpfs, before udev relabel
  25. dev_dontaudit_rw_generic_chr_files(hostname_t)  # suppresses the denial only; generic character devices stay inaccessible
  26. domain_use_interactive_fds(hostname_t)
  27. files_read_etc_files(hostname_t)
  28. files_dontaudit_search_var(hostname_t)
  29. fs_getattr_xattr_fs(hostname_t)
  30. fs_search_auto_mountpoints(hostname_t)
  31. fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
  32. term_dontaudit_use_console(hostname_t)
  33. term_use_all_ttys(hostname_t)  # NOTE(review): by name this covers every tty type, not one terminal; interface is defined outside this file - confirm the scope is intended
  34. term_use_all_ptys(hostname_t)  # NOTE(review): same question for every pty type - confirm
  35. init_use_fds(hostname_t)
  36. init_use_script_fds(hostname_t)
  37. init_use_script_ptys(hostname_t)
  38. logging_send_syslog_msg(hostname_t)
  39. miscfiles_read_localization(hostname_t)
  40. sysnet_dontaudit_rw_dhcpc_udp_sockets(hostname_t)  # presumably silences noise from descriptors inherited from the dhcp client - confirm
  41. sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t)
  42. sysnet_read_config(hostname_t)
  43. sysnet_dns_name_resolve(hostname_t)  # NOTE(review): presumably permits name resolution, which would give this sys_admin domain network access; interface body is outside this file - confirm
  44. dev_read_urand(hostname_t)
  45. ifdef(`distro_debian',`
  46. term_dontaudit_use_unallocated_ttys(hostname_t)  # only included when the policy is built with distro_debian defined
  47. ')
  48. optional_policy(`
  49. nis_use_ypbind(hostname_t)  # optional block: presumably active only when the nis module is part of the policy - confirm
  50. ')
  51. optional_policy(`
  52. xen_append_log(hostname_t)  # NOTE(review): by name grants append access to xen logs; the reason is not stated in this file - confirm it is still needed
  53. xen_dontaudit_use_fds(hostname_t)
  54. ')
  55. optional_policy(`
  56. unconfined_dontaudit_rw_pipes(hostname_t)  # by name silences denials on pipes from the unconfined domain; access remains denied
  57. ')