|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(jabber_additional, 0.0.2)
|
|
|
+policy_module(jabber_additional, 0.0.4)
|
|
|
|
|
|
require {
|
|
|
type jabberd_t;
|
|
@@ -11,9 +11,26 @@ init_unit_file(jabber_unit_t)
|
|
|
type jabberd_var_cache_t;
|
|
|
files_type(jabberd_var_cache_t)
|
|
|
|
|
|
+allow jabberd_t self:process { getsched setsched };
|
|
|
+
|
|
|
manage_dirs_pattern(jabberd_t, jabberd_var_cache_t, jabberd_var_cache_t)
|
|
|
manage_files_pattern(jabberd_t, jabberd_var_cache_t, jabberd_var_cache_t)
|
|
|
type_transition jabberd_t jabberd_var_cache_t:{ file dir } jabberd_var_cache_t;
|
|
|
|
|
|
kernel_read_vm_overcommit_sysctl(jabberd_t)
|
|
|
files_search_spool(jabberd_t)
|
|
|
+
|
|
|
+su_exec(jabberd_t)
|
|
|
+selinux_compute_access_vector(jabberd_t)
|
|
|
+auth_read_shadow(jabberd_t)
|
|
|
+miscfiles_read_generic_certs(jabberd_t)
|
|
|
+
|
|
|
+corenet_tcp_bind_epmd_port(jabberd_t)
|
|
|
+corenet_tcp_connect_epmd_port(jabberd_t)
|
|
|
+corenet_tcp_connect_ldap_port(jabberd_t)
|
|
|
+corenet_tcp_bind_all_unreserved_ports(jabberd_t)
|
|
|
+corenet_udp_bind_all_unreserved_ports(jabberd_t)
|
|
|
+corenet_tcp_connect_all_unreserved_ports(jabberd_t)
|
|
|
+
|
|
|
+
|
|
|
+auth_rw_faillog(jabberd_t)
|