|
@@ -1,12 +1,41 @@
|
|
|
-policy_module(unconfined_additional, 0.0.2)
|
|
|
+policy_module(unconfined_additional, 0.0.4)
|
|
|
|
|
|
require {
|
|
|
type unconfined_t;
|
|
|
type portage_sandbox_t;
|
|
|
type sysadm_t;
|
|
|
+ type atop_t;
|
|
|
+ type atop_initrc_exec_t;
|
|
|
+ type atop_unit_t;
|
|
|
+ type spamd_t;
|
|
|
+ type spamd_initrc_exec_t;
|
|
|
+ type spamd_unit_t;
|
|
|
+ type phpfpm_t;
|
|
|
+ type phpfpm_initrc_exec_t;
|
|
|
+ type phpfpm_unit_t;
|
|
|
+ role unconfined_r;
|
|
|
}
|
|
|
|
|
|
allow unconfined_t portage_sandbox_t:process transition;
|
|
|
allow unconfined_t self:process execmem;
|
|
|
|
|
|
allow unconfined_t sysadm_t:process transition;
|
|
|
+sysadm_role_change(unconfined_r)
|
|
|
+sysadm_shell_domtrans(unconfined_t)
|
|
|
+
|
|
|
+init_startstop_service(unconfined_t, unconfined_r, atop_t, atop_initrc_exec_t, atop_unit_t)
|
|
|
+init_startstop_service(unconfined_t, unconfined_r, spamd_t, spamd_initrc_exec_t, spamd_unit_t)
|
|
|
+init_startstop_service(unconfined_t, unconfined_r, phpfpm_t, phpfpm_initrc_exec_t, phpfpm_unit_t)
|
|
|
+jabber_admin(unconfined_t, unconfined_r)
|
|
|
+amavis_admin(unconfined_t, unconfined_r)
|
|
|
+logging_admin_audit(unconfined_t, unconfined_r)
|
|
|
+dovecot_admin(unconfined_t, unconfined_r)
|
|
|
+openvpn_admin(unconfined_t, unconfined_r)
|
|
|
+logging_admin_syslog(unconfined_t, unconfined_r)
|
|
|
+mysql_admin(unconfined_t, unconfined_r)
|
|
|
+postfix_admin(unconfined_t, unconfined_r)
|
|
|
+ntp_admin(unconfined_t, unconfined_r)
|
|
|
+bind_admin(unconfined_t, unconfined_r)
|
|
|
+clamav_admin(unconfined_t, unconfined_r)
|
|
|
+apache_admin(unconfined_t, unconfined_r)
|
|
|
+
|