| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224 |
- policy_module(unconfined, 3.6.2)
- ########################################
- #
- # Declarations
- #
- # usage in this module of types created by these
- # calls is not correct, however we dont currently
- # have another method to add access to these types
- userdom_base_user_template(unconfined)
- userdom_manage_home_role(unconfined_r, unconfined_t)
- userdom_manage_tmp_role(unconfined_r, unconfined_t)
- userdom_manage_tmpfs_role(unconfined_r, unconfined_t)
- type unconfined_exec_t;
- init_system_domain(unconfined_t, unconfined_exec_t)
- type unconfined_execmem_t;
- type unconfined_execmem_exec_t;
- init_system_domain(unconfined_execmem_t, unconfined_execmem_exec_t)
- role unconfined_r types unconfined_execmem_t;
- ########################################
- #
- # Local policy
- #
- domtrans_pattern(unconfined_t, unconfined_execmem_exec_t, unconfined_execmem_t)
- files_create_boot_flag(unconfined_t)
- mcs_killall(unconfined_t)
- mcs_ptrace_all(unconfined_t)
- libs_run_ldconfig(unconfined_t, unconfined_r)
- logging_send_syslog_msg(unconfined_t)
- logging_run_auditctl(unconfined_t, unconfined_r)
- mount_run_unconfined(unconfined_t, unconfined_r)
- seutil_run_setfiles(unconfined_t, unconfined_r)
- seutil_run_semanage(unconfined_t, unconfined_r)
- unconfined_domain(unconfined_t)
- userdom_user_home_dir_filetrans_user_home_content(unconfined_t, { dir file lnk_file fifo_file sock_file })
- ifdef(`direct_sysadm_daemon',`
- optional_policy(`
- init_run_daemon(unconfined_t, unconfined_r)
- ')
- ',`
- ifdef(`distro_gentoo',`
- seutil_run_runinit(unconfined_t, unconfined_r)
- seutil_init_script_run_runinit(unconfined_t, unconfined_r)
- ')
- ')
- optional_policy(`
- systemd_config_all_services(unconfined_t)
- init_status(unconfined_t)
- ')
- optional_policy(`
- ada_domtrans(unconfined_t)
- ')
- optional_policy(`
- apache_run_helper(unconfined_t, unconfined_r)
- apache_role(unconfined_r, unconfined_t)
- ')
- optional_policy(`
- bind_run_ndc(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- bootloader_run(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- cron_unconfined_role(unconfined_r, unconfined_t)
- ')
- optional_policy(`
- dpkg_run(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- firstboot_run(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- ftp_run_ftpdctl(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- hadoop_role(unconfined_r, unconfined_t)
- ')
- optional_policy(`
- inn_domtrans(unconfined_t)
- ')
- optional_policy(`
- java_run_unconfined(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- lpd_run_checkpc(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- modutils_run_update_mods(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- mono_domtrans(unconfined_t)
- ')
- optional_policy(`
- mta_role(unconfined_r, unconfined_t)
- ')
- optional_policy(`
- oddjob_domtrans_mkhomedir(unconfined_t)
- ')
- optional_policy(`
- portage_run(unconfined_t, unconfined_r)
- portage_run_fetch(unconfined_t, unconfined_r)
- portage_run_gcc_config(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- prelink_run(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- portmap_run_helper(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- postfix_run_map(unconfined_t, unconfined_r)
- # cjp: this should probably be removed:
- postfix_domtrans_master(unconfined_t)
- gen_require(`
- type postfix_master_t;
- ')
- role unconfined_r types postfix_master_t;
- ')
- optional_policy(`
- pyzor_role(unconfined_r, unconfined_t)
- ')
- optional_policy(`
- # cjp: this should probably be removed:
- rpc_domtrans_nfsd(unconfined_t)
- ')
- optional_policy(`
- rtkit_scheduled(unconfined_t)
- ')
- optional_policy(`
- rpm_run(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- samba_run_net(unconfined_t, unconfined_r)
- samba_run_winbind_helper(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- spamassassin_role(unconfined_r, unconfined_t)
- ')
- optional_policy(`
- sysnet_run_dhcpc(unconfined_t, unconfined_r)
- sysnet_dbus_chat_dhcpc(unconfined_t)
- ')
- optional_policy(`
- tzdata_run(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- unconfined_dbus_chat(unconfined_t)
- ')
- optional_policy(`
- usermanage_run_admin_passwd(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- vpn_run(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- webalizer_run(unconfined_t, unconfined_r)
- ')
- optional_policy(`
- wine_domtrans(unconfined_t)
- ')
- optional_policy(`
- git_exec(unconfined_t)
- ')
- ########################################
- #
- # Unconfined Execmem Local policy
- #
- allow unconfined_execmem_t self:process { execstack execmem };
- unconfined_domain_noaudit(unconfined_execmem_t)
- optional_policy(`
- unconfined_dbus_chat(unconfined_execmem_t)
- ')
|
