- # SELinux policy module confining the xonotic service in its own domain
- # (presumably the Xonotic dedicated game server; confirm against the
- # matching file-context definitions). Second argument is the module version.
- policy_module(xonotic, 0.1.7)
- ########################################
- #
- # Declarations
- #
- # Role attribute; roles that carry it are allowed to use xonotic_t (see the
- # role statement below).
- attribute_role xonotic_roles;
- # Process domain and the executable type that serves as its entrypoint.
- type xonotic_t;
- type xonotic_exec_t;
- # Registers xonotic_t as a daemon domain entered from init by executing a
- # file labeled xonotic_exec_t.
- init_daemon_domain(xonotic_t, xonotic_exec_t)
- role xonotic_roles types xonotic_t;
- # Label for the init script of the service.
- # NOTE(review): this is the only interface call followed by a semicolon;
- # confirm it is intentional and accepted by the policy build.
- type xonotic_initrc_exec_t;
- init_script_file(xonotic_initrc_exec_t);
- # Dedicated log file type, so log access can be granted separately from the
- # generic log type.
- type xonotic_var_log_t;
- logging_log_file(xonotic_var_log_t)
- # Generic file type for the writable tree of the service (name suggests
- # /opt; the path mapping is not shown here).
- type xonotic_opt_t;
- files_type(xonotic_opt_t)
- ########################################
- #
- # Local policy
- #
- # Own UDP sockets: full create_socket_perms set.
- allow xonotic_t self:udp_socket create_socket_perms;
- # Read-only routing netlink access (nlmsg_read, no nlmsg_write), presumably
- # for interface and address enumeration by libc.
- allow xonotic_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
- # TCP is client-side only in this rule: connect/read/write are granted, but
- # bind, listen and accept are not.
- allow xonotic_t self:tcp_socket { write getattr connect read getopt create };
- # Logs: directories are fully managed, but files get only the append and
- # create patterns, so these rules grant no overwrite or unlink of existing
- # log files. Keep it that way to preserve log integrity if the daemon is
- # compromised.
- manage_dirs_pattern(xonotic_t, xonotic_var_log_t, xonotic_var_log_t)
- append_files_pattern(xonotic_t, xonotic_var_log_t, xonotic_var_log_t)
- create_files_pattern(xonotic_t, xonotic_var_log_t, xonotic_var_log_t)
- # Files the daemon creates in the generic log directory are labeled
- # xonotic_var_log_t automatically.
- logging_log_filetrans(xonotic_t, xonotic_var_log_t, file)
- # Full manage access (create, write, delete) to the xonotic_opt_t tree.
- # NOTE(review): anything labeled xonotic_opt_t is writable by the confined
- # process; verify that the server binary and other trusted content carry a
- # different, non-writable label.
- manage_dirs_pattern(xonotic_t, xonotic_opt_t, xonotic_opt_t)
- manage_files_pattern(xonotic_t, xonotic_opt_t, xonotic_opt_t)
- # NOTE(review): new files already inherit the type of the parent directory
- # by default, so this transition looks redundant; confirm before removing.
- type_transition xonotic_t xonotic_opt_t:file xonotic_opt_t;
- # Bind UDP sockets on generic (unlabeled-by-policy) nodes.
- corenet_udp_bind_generic_node(xonotic_t)
- # Read access to /proc system state and the crypto sysctls.
- kernel_read_system_state(xonotic_t)
- kernel_read_crypto_sysctls(xonotic_t)
- # NOTE(review): broad grant; the daemon may bind any unreserved UDP port.
- # A dedicated port type for the listening port would be tighter if the port
- # is fixed in this deployment.
- corenet_udp_bind_all_unreserved_ports(xonotic_t)
- # Random numbers from /dev/urandom.
- dev_read_urand(xonotic_t)
- # Name service (passwd, hosts, DNS) lookups through nsswitch.
- auth_use_nsswitch(xonotic_t)
- # NOTE(review): broad grant; outbound TCP connections are allowed to every
- # reserved port type, not one service. If only HTTP(S) endpoints are needed,
- # a narrower interface such as corenet_tcp_connect_http_port would reduce
- # what a compromised daemon can reach. Confirm actual destinations first.
- corenet_tcp_connect_all_reserved_ports(xonotic_t)
- # Read network configuration and locale data.
- sysnet_read_config(xonotic_t)
- miscfiles_read_localization(xonotic_t)
- # Interface from a supervisor policy module that is not shown on this page;
- # presumably lets the supervisor start xonotic_t through xonotic_exec_t.
- # NOTE(review): this call is unconditional while the supervisor_t rule below
- # is wrapped in optional_policy. If both depend on the same module, the call
- # likely belongs inside the optional block as well; confirm.
- supervisor_service_domain(xonotic_t,xonotic_exec_t)
- # Optional: when supervisor_t exists, let it search (traverse only, no read
- # or write) directories labeled xonotic_opt_t. The gen_require reaches
- # directly into the type of another module; an interface exported by this
- # module would be the more conventional way to grant this.
- optional_policy(`
- gen_require(`
- type supervisor_t;
- ')
- allow supervisor_t xonotic_opt_t:dir search;
- ')
-