| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 |
- policy_module(ttrss, 0.0.5)
- require {
- type etc_t;
- type httpd_sys_content_t;
- type shell_exec_t;
- }
- ########################################
- #
- # Declarations
- #
- attribute_role ttrss_roles;
- type ttrss_t;
- type ttrss_exec_t;
- init_system_domain(ttrss_t, ttrss_exec_t)
- ########################################
- #
- # Local policy
- #
- allow ttrss_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
- allow ttrss_t self:tcp_socket { connect create getattr getopt read setopt write };
- allow ttrss_t self:udp_socket { connect create getattr read write setopt };
- allow ttrss_t self:unix_stream_socket { connect create read write };
- corenet_tcp_connect_generic_port(ttrss_t)
- corenet_tcp_connect_http_port(ttrss_t)
- files_read_etc_files(ttrss_t)
- miscfiles_read_generic_certs(ttrss_t)
- apache_manage_sys_content(ttrss_t)
- corecmd_check_exec_shell(ttrss_t)
- corecmd_exec_bin(ttrss_t)
- sysnet_read_config(ttrss_t)
- miscfiles_read_localization(ttrss_t)
- mysql_tcp_connect(ttrss_t)
- mysql_stream_connect(ttrss_t)
- allow ttrss_t etc_t:file map;
- allow ttrss_t httpd_sys_content_t:file map;
- corecmd_exec_shell(ttrss_t)
- allow ttrss_t shell_exec_t:file map;
- optional_policy(`
- cron_system_entry(ttrss_t, ttrss_exec_t)
- ')
|
