- # SELinux policy module for the acme-updater domain; this line sets the module
- # name and version used by the policy build.
- policy_module(acme-updater, 0.1.17)
- #################################
- #
- # Declarations
- #
- # Process domain and the label of the executable that enters it.
- type acmeupdater_t;
- type acmeupdater_exec_t;
- # Registers acmeupdater_t as a system domain entered from init by executing
- # a file labeled acmeupdater_exec_t.
- init_system_domain(acmeupdater_t, acmeupdater_exec_t)
- # Private label for the updater configuration; the only access granted to it
- # in this module is the read_files_pattern rule in the local policy section.
- type acmeupdater_etc_t;
- files_config_file(acmeupdater_etc_t)
- ########################################
- #
- # Local policy
- #
- # Capabilities: dac_read_search and dac_override let the process ignore Unix
- # file permission bits, sys_resource lets it exceed resource limits.
- # NOTE(review): dac_override together with the manage rules below means Unix
- # ownership no longer limits what this domain can rewrite under those labels;
- # confirm each capability is backed by an observed AVC denial.
- allow acmeupdater_t self:capability { dac_read_search dac_override sys_resource };
- allow acmeupdater_t self:process setrlimit;
- # Only accept is granted on its own TCP sockets here.
- allow acmeupdater_t self:tcp_socket accept;
- # Run generic binaries and shells inside acmeupdater_t, with no domain transition.
- corecmd_exec_bin(acmeupdater_t)
- corecmd_exec_shell(acmeupdater_t)
- # Read-only access to the private configuration label.
- read_files_pattern(acmeupdater_t, acmeupdater_etc_t, acmeupdater_etc_t)
- miscfiles_read_localization(acmeupdater_t)
- # Generic certificate files: read, plus full manage (create, write, delete).
- # NOTE(review): the manage interface presumably already covers read - confirm
- # whether the read line is redundant.
- miscfiles_read_generic_certs(acmeupdater_t)
- miscfiles_manage_generic_cert_files(acmeupdater_t)
- sysnet_dns_name_resolve(acmeupdater_t)
- # NOTE(review): manage access to generic etc files is the broadest grant in
- # this module; a dedicated label for the files actually rewritten would keep
- # the updater closer to least privilege.
- files_manage_etc_files(acmeupdater_t)
- files_search_var_lib(acmeupdater_t)
- files_read_all_locks(acmeupdater_t)
- kernel_read_system_state(acmeupdater_t)
- dev_read_urand(acmeupdater_t)
- # Read-only view of the acmetool state directory: search directories, read
- # files and read symlinks labeled acmetool_var_lib_t. No write access is
- # granted to that label. The block is optional, so it is dropped when the
- # acmetool_var_lib_t type is not defined in the loaded policy.
- optional_policy(`
- gen_require(`
- type acmetool_var_lib_t;
- ')
- search_dirs_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
- read_files_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
- read_lnk_files_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
- ')
- # Apache: manage its configuration files and transition into the httpd domain.
- # NOTE(review): these three calls sit outside optional_policy, unlike the
- # dovecot and postfix rules further down, so the module presumably cannot be
- # loaded without the apache and jabber policy modules - confirm this is intended.
- apache_manage_config(acmeupdater_t)
- apache_domtrans(acmeupdater_t)
- # NOTE(review): jabber_admin is an administration interface and grants far
- # more than the certificate-write plus init-script pattern used for the other
- # services here; confirm the full admin rule set is needed for role system_r.
- jabber_admin(acmeupdater_t, system_r)
- # Allows running the httpd init script through a domain transition,
- # presumably to reload the service after a certificate change.
- optional_policy(`
- gen_require(`
- type httpd_initrc_exec_t;
- ')
- init_labeled_script_domtrans(acmeupdater_t, httpd_initrc_exec_t)
- ')
- # Dovecot: manage files labeled dovecot_cert_t. Only the file class is covered
- # by manage_files_pattern; other object classes under that label are not granted here.
- optional_policy(`
- gen_require(`
- type dovecot_cert_t;
- ')
- manage_files_pattern(acmeupdater_t, dovecot_cert_t, dovecot_cert_t)
- ')
- # Dovecot: run its init script through a domain transition.
- optional_policy(`
- gen_require(`
- type dovecot_initrc_exec_t;
- ')
- init_labeled_script_domtrans(acmeupdater_t, dovecot_initrc_exec_t)
- ')
- # Postfix: manage files labeled postfix_etc_t.
- # NOTE(review): postfix_etc_t looks like the label of the whole postfix
- # configuration, not only certificates, so this grant also allows rewriting
- # the mail server configuration - confirm against the file contexts and
- # narrow if a certificate-specific label exists.
- optional_policy(`
- gen_require(`
- type postfix_etc_t;
- ')
- manage_files_pattern(acmeupdater_t, postfix_etc_t, postfix_etc_t)
- ')
- # Postfix: run its init script through a domain transition.
- optional_policy(`
- gen_require(`
- type postfix_initrc_exec_t;
- ')
- init_labeled_script_domtrans(acmeupdater_t, postfix_initrc_exec_t)
- ')
- # Lets system cron jobs enter acmeupdater_t by executing acmeupdater_exec_t.
- optional_policy(`
- cron_system_entry(acmeupdater_t, acmeupdater_exec_t)
- ')
- # Access to already-open crond temporary files: read, write, getattr and
- # ioctl only, with no open or create permission. Presumably this covers the
- # job output file inherited from crond - confirm against the AVC log.
- optional_policy(`
- gen_require(`
- type crond_tmp_t;
- ')
- allow acmeupdater_t crond_tmp_t:file { read write getattr ioctl };
- ')
- # Read-only access to files labeled named_var_run_t: directory search plus
- # file read. The module does not show why the updater needs the name server
- # runtime files - TODO confirm and document the consumer.
- optional_policy(`
- gen_require(`
- type named_var_run_t;
- ')
- search_dirs_pattern(acmeupdater_t, named_var_run_t, named_var_run_t)
- read_files_pattern(acmeupdater_t, named_var_run_t, named_var_run_t)
- ')