| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 |
- policy_module(hostname, 1.9.1)
- ########################################
- #
- # Declarations
- #
- type hostname_t;
- type hostname_exec_t;
- init_system_domain(hostname_t, hostname_exec_t)
- role system_r types hostname_t;
- ########################################
- #
- # Local policy
- #
- # for setting the hostname
- allow hostname_t self:process { sigchld sigkill sigstop signull signal };
- allow hostname_t self:capability sys_admin;
- allow hostname_t self:unix_stream_socket create_stream_socket_perms;
- dontaudit hostname_t self:capability sys_tty_config;
- kernel_list_proc(hostname_t)
- kernel_read_proc_symlinks(hostname_t)
- # for when /usr is not mounted:
- kernel_dontaudit_search_unlabeled(hostname_t)
- dev_read_sysfs(hostname_t)
- # Early devtmpfs, before udev relabel
- dev_dontaudit_rw_generic_chr_files(hostname_t)
- domain_use_interactive_fds(hostname_t)
- files_read_etc_files(hostname_t)
- files_dontaudit_search_var(hostname_t)
- fs_getattr_xattr_fs(hostname_t)
- fs_search_auto_mountpoints(hostname_t)
- fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
- term_dontaudit_use_console(hostname_t)
- term_use_all_ttys(hostname_t)
- term_use_all_ptys(hostname_t)
- init_use_fds(hostname_t)
- init_use_script_fds(hostname_t)
- init_use_script_ptys(hostname_t)
- logging_send_syslog_msg(hostname_t)
- miscfiles_read_localization(hostname_t)
- sysnet_dontaudit_rw_dhcpc_udp_sockets(hostname_t)
- sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t)
- sysnet_read_config(hostname_t)
- sysnet_dns_name_resolve(hostname_t)
- dev_read_urand(hostname_t)
- ifdef(`distro_debian',`
- term_dontaudit_use_unallocated_ttys(hostname_t)
- ')
- optional_policy(`
- nis_use_ypbind(hostname_t)
- ')
- optional_policy(`
- xen_append_log(hostname_t)
- xen_dontaudit_use_fds(hostname_t)
- ')
- optional_policy(`
- unconfined_dontaudit_rw_pipes(hostname_t)
- ')
|
