12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 |
- policy_module(atop, 0.1.12)
- ########################################
- #
- # Declarations
- #
- attribute_role atop_roles;
- type atop_t;
- type atop_exec_t;
- init_daemon_domain(atop_t, atop_exec_t)
- role atop_roles types atop_t;
- type atop_initrc_exec_t;
- init_script_file(atop_initrc_exec_t)
- type atop_var_log_t;
- logging_log_file(atop_var_log_t)
- type atop_var_run_t;
- files_pid_file(atop_var_run_t)
- type atop_var_cache_t;
- files_type(atop_var_cache_t)
- ########################################
- #
- # Local policy
- #
- allow atop_t atop_exec_t:file execute_no_trans;
- allow atop_t self:capability { setuid sys_nice sys_resource ipc_lock sys_pacct dac_override net_raw sys_ptrace };
- allow atop_t self:process { setsched sigkill setrlimit setpgid };
- allow atop_t self:sem { write read create unix_write unix_read };
- allow atop_t self:udp_socket { create ioctl };
- allow atop_t self:sem associate;
- allow atop_t self:rawip_socket { create getopt };
- manage_dirs_pattern(atop_t, atop_var_log_t, atop_var_log_t)
- append_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
- create_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
- setattr_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
- rw_files_pattern(atop_t, atop_var_log_t, atop_var_log_t)
- logging_log_filetrans(atop_t, atop_var_log_t, file)
- manage_dirs_pattern(atop_t, atop_var_cache_t, atop_var_cache_t)
- manage_files_pattern(atop_t, atop_var_cache_t, atop_var_cache_t)
- manage_dirs_pattern(atop_t, atop_var_run_t, atop_var_run_t)
- manage_files_pattern(atop_t, atop_var_run_t, atop_var_run_t)
- files_pid_filetrans(atop_t, atop_var_run_t, { file dir })
- gen_require(`
- type bin_t;
- ')
- allow atop_t bin_t:dir search;
- optional_policy(`
- gen_require(`
- type initrc_t;
- ')
- allow atop_t initrc_t:sem { read unix_write write associate };
- ')
- userdom_getattr_user_home_dirs(atop_t)
- kernel_getattr_proc(atop_t)
- kernel_search_proc(atop_t)
- kernel_list_proc(atop_t)
- kernel_getattr_proc_files(atop_t)
- kernel_read_proc_symlinks(atop_t)
- kernel_read_system_state(atop_t)
- kernel_get_sysvipc_info(atop_t)
- domain_read_all_domains_state(atop_t)
- corecmd_shell_entry_type(atop_t)
- kernel_read_network_state(atop_t)
- fs_getattr_tmpfs(atop_t)
- auth_use_nsswitch(atop_t)
- storage_getattr_fixed_disk_dev(atop_t)
- miscfiles_read_localization(atop_t)
- dev_getattr_lvm_control(atop_t)
- cron_system_entry(atop_t, atop_exec_t)
- init_read_utmp(atop_t)
|