policy_module(dnsping, 0.1.10)

########################################
#
# Declarations
#

# dnsping_t is the process domain, dnsping_exec_t labels its entry-point
# executable. init_system_domain registers the pair as a domain entered
# from init.
type dnsping_t;
type dnsping_exec_t;
init_system_domain(dnsping_t, dnsping_exec_t)

########################################
#
# Local policy
#

#
# Capabilities and process controls
#
# dac_override lets the domain bypass discretionary file permission checks.
# The narrower dac_read_search is not granted, and its denials are hidden
# from the audit log by the dontaudit rule.
# NOTE(review): confirm dac_override is really required; it often masks a
# file ownership or mode problem that is better fixed on disk.
allow dnsping_t self:capability dac_override;
dontaudit dnsping_t self:capability dac_read_search;
allow dnsping_t self:process { setsched signal };

#
# IPC and sockets owned by the domain itself
#
allow dnsping_t self:fifo_file { getattr read write };
# TCP sockets may only be created and stat-ed; no connect or bind is granted.
allow dnsping_t self:tcp_socket { create getattr };
allow dnsping_t self:udp_socket { bind create getattr getopt read setopt write };
allow dnsping_t self:unix_dgram_socket { connect create write };

#
# Kernel state and sysctls (read only)
#
kernel_read_system_state(dnsping_t)
kernel_read_net_sysctls(dnsping_t)
kernel_search_vm_sysctl(dnsping_t)
kernel_read_vm_sysctls(dnsping_t)
kernel_read_vm_overcommit_sysctl(dnsping_t)

#
# Program execution
#
# Both interfaces execute the target without a domain transition, so any
# shell or generic binary started this way keeps running as dnsping_t.
# NOTE(review): confirm which helpers are actually invoked; together these
# two grants cover every generic binary and shell on the system.
corecmd_exec_bin(dnsping_t)
corecmd_exec_shell(dnsping_t)

#
# Network: UDP bind on the generic node, unreserved ports only
#
corenet_udp_bind_generic_node(dnsping_t)
corenet_udp_bind_all_unreserved_ports(dnsping_t)

#
# Random number devices
#
dev_read_rand(dnsping_t)
dev_read_urand(dnsping_t)

#
# Files and filesystems
#
files_read_etc_files(dnsping_t)
# NOTE(review): this manages files carrying the generic tmp type, which is
# shared with other domains. A private tmp type plus a type transition would
# confine this better; confirm what dnsping writes under the tmp directories.
files_manage_generic_tmp_files(dnsping_t)
fs_getattr_tmpfs(dnsping_t)
fs_getattr_xattr_fs(dnsping_t)

#
# Logging, localization, certificates, network configuration
#
logging_send_syslog_msg(dnsping_t)
miscfiles_read_generic_certs(dnsping_t)
miscfiles_read_localization(dnsping_t)
sysnet_read_config(dnsping_t)

#
# Optional access to types owned by other modules
#
# NOTE(review): the first three blocks below require foreign types directly
# instead of calling an interface of the owning module; confirm no suitable
# interface exists before keeping them in this form.

# Read files labeled named_var_run_t.
optional_policy(`
	gen_require(`
		type named_var_run_t;
	')

	read_files_pattern(dnsping_t, named_var_run_t, named_var_run_t)
')

# Use files labeled crond_tmp_t. The open permission is not granted, so this
# presumably covers descriptors inherited from cron; verify against the caller.
optional_policy(`
	gen_require(`
		type crond_tmp_t;
	')

	allow dnsping_t crond_tmp_t:file { getattr ioctl read write };
')

# Read-only access to files labeled httpd_sys_content_t, with search on the
# directories of that type.
# NOTE(review): confirm which web content files dnsping needs to read.
optional_policy(`
	gen_require(`
		type httpd_sys_content_t;
	')

	allow dnsping_t httpd_sys_content_t:dir search;
	allow dnsping_t httpd_sys_content_t:file { getattr open read };
')

# Let system cron jobs enter dnsping_t through dnsping_exec_t.
optional_policy(`
	cron_system_entry(dnsping_t, dnsping_exec_t)
')