|
|
@@ -1,8 +1,10 @@
|
|
|
-policy_module(jabber_additional, 0.0.4)
|
|
|
+policy_module(jabber_additional, 0.0.5)
|
|
|
|
|
|
require {
|
|
|
type jabberd_t;
|
|
|
type jabberd_var_lib_t;
|
|
|
+ type faillog_t;
|
|
|
+ type initrc_runtime_t;
|
|
|
}
|
|
|
|
|
|
type jabber_unit_t;
|
|
|
@@ -12,19 +14,25 @@ type jabberd_var_cache_t;
|
|
|
files_type(jabberd_var_cache_t)
|
|
|
|
|
|
allow jabberd_t self:process { getsched setsched };
|
|
|
+allow jabberd_t self:capability { dac_read_search setgid setuid };
|
|
|
|
|
|
manage_dirs_pattern(jabberd_t, jabberd_var_cache_t, jabberd_var_cache_t)
|
|
|
manage_files_pattern(jabberd_t, jabberd_var_cache_t, jabberd_var_cache_t)
|
|
|
type_transition jabberd_t jabberd_var_cache_t:{ file dir } jabberd_var_cache_t;
|
|
|
|
|
|
+allow jabberd_t initrc_runtime_t:file { lock open read };
|
|
|
+
|
|
|
kernel_read_vm_overcommit_sysctl(jabberd_t)
|
|
|
files_search_spool(jabberd_t)
|
|
|
|
|
|
su_exec(jabberd_t)
|
|
|
+auth_domtrans_chk_passwd(jabberd_t)
|
|
|
selinux_compute_access_vector(jabberd_t)
|
|
|
auth_read_shadow(jabberd_t)
|
|
|
miscfiles_read_generic_certs(jabberd_t)
|
|
|
|
|
|
+corecmd_exec_shell(jabberd_t)
|
|
|
+
|
|
|
corenet_tcp_bind_epmd_port(jabberd_t)
|
|
|
corenet_tcp_connect_epmd_port(jabberd_t)
|
|
|
corenet_tcp_connect_ldap_port(jabberd_t)
|
|
|
@@ -32,5 +40,7 @@ corenet_tcp_bind_all_unreserved_ports(jabberd_t)
|
|
|
corenet_udp_bind_all_unreserved_ports(jabberd_t)
|
|
|
corenet_tcp_connect_all_unreserved_ports(jabberd_t)
|
|
|
|
|
|
+files_read_generic_tmp_files(jabberd_t)
|
|
|
|
|
|
auth_rw_faillog(jabberd_t)
|
|
|
+search_dirs_pattern(jabberd_t, faillog_t, faillog_t)
|
