@@ -0,0 +1,71 @@
+policy_module(dnsping, 0.1.6)
+
+#################################
+#
+# Declarations
+#
+
+type dnsping_t;
+type dnsping_exec_t;
+init_system_domain(dnsping_t, dnsping_exec_t)
+
+
+########################################
+#
+# Local policy
+#
+
+allow dnsping_t self:capability dac_override;
+allow dnsping_t self:fifo_file { read write getattr };
+allow dnsping_t self:process signal;
+allow dnsping_t self:tcp_socket { create getattr };
+allow dnsping_t self:udp_socket { write setopt getopt read bind create getattr };
+allow dnsping_t self:unix_dgram_socket { write create connect };
+
+corenet_udp_bind_all_unreserved_ports(dnsping_t)
+corenet_udp_bind_generic_node(dnsping_t)
+
+dev_read_rand(dnsping_t)
+dev_read_urand(dnsping_t)
+
+kernel_search_vm_sysctl(dnsping_t)
+kernel_read_vm_sysctls(dnsping_t)
+
+corecmd_exec_bin(dnsping_t)
+logging_send_syslog_msg(dnsping_t)
+files_read_etc_files(dnsping_t)
+fs_getattr_xattr_fs(dnsping_t)
+miscfiles_read_localization(dnsping_t)
+sysnet_read_config(dnsping_t)
+
+kernel_read_system_state(dnsping_t)
+kernel_read_vm_overcommit_sysctl(dnsping_t)
+
+corecmd_exec_shell(dnsping_t)
+files_manage_generic_tmp_files(dnsping_t)
+
+optional_policy(`
+ gen_require(`
+ type named_var_run_t;
+ ')
+ read_files_pattern(dnsping_t, named_var_run_t, named_var_run_t)
+')
+
+optional_policy(`
+ gen_require(`
+ type crond_tmp_t;
+ ')
+ allow dnsping_t crond_tmp_t:file { read write getattr ioctl };
+')
+
+optional_policy(`
+ gen_require(`
+ type httpd_sys_content_t;
+ ')
+allow dnsping_t httpd_sys_content_t:dir search;
+allow dnsping_t httpd_sys_content_t:file { read getattr open };
+')
+
+optional_policy(`
+ cron_system_entry(dnsping_t, dnsping_exec_t)
+')
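Review bot: `files_manage_generic_tmp_files(dnsping_t)` lets the new domain manage every file carrying the generic tmp label, and the same policy also allows running a shell (`corecmd_exec_shell(dnsping_t)`) and bypassing Unix permission checks (`allow dnsping_t self:capability dac_override;`). Taken together these three rules remove much of the confinement that `dnsping_t` is meant to provide, because temporary files belonging to other services become reachable regardless of their owner or mode. I would give the domain a private temporary type with a type transition, as sketched below, and drop `dac_override` unless a denial still appears once file ownership is set correctly. The rule set looks as if it was generated from audit denials (an inference from its shape), so each remaining `allow` line would benefit from a short comment naming the operation that needs it.

```selinux
type dnsping_tmp_t;
files_tmp_file(dnsping_tmp_t)

# … unchanged: self rules, corenet/dev/kernel/logging interfaces …

# replaces files_manage_generic_tmp_files(dnsping_t)
manage_files_pattern(dnsping_t, dnsping_tmp_t, dnsping_tmp_t)
files_tmp_filetrans(dnsping_t, dnsping_tmp_t, file)
```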