dnsping.te 1.8 KB

  # SELinux policy module dnsping, version 0.1.11.
  # Declares one process domain (dnsping_t) and one file type
  # (dnsping_exec_t) that is passed below as the entry-point type.
  policy_module(dnsping, 0.1.11)
  #################################
  #
  # Declarations
  #
  # Domain type: every allow rule in this module has it as the source.
  type dnsping_t;
  # Entry-point file type (second argument of the init and cron interfaces).
  type dnsping_exec_t;
  # refpolicy init interface, called with the domain and its entry-point type.
  # NOTE(review): presumably sets up the transition from init-started scripts
  # into dnsping_t; confirm against the interface shipped with the base policy.
  init_system_domain(dnsping_t, dnsping_exec_t)
  ########################################
  #
  # Local policy
  #
  # Unconditional grants to dnsping_t. SELinux denies anything not allowed,
  # so each line below widens what a compromised dnsping process could do.

  # Capability dac_override: bypass ordinary Unix file permission checks.
  # NOTE(review): broad grant. It is often a symptom of a file ownership or
  # mode mismatch; confirm which access needs it and whether fixing the file
  # permissions would let this rule be dropped.
  allow dnsping_t self:capability dac_override;
  # Pipes labelled with the domain itself (for example to child processes).
  allow dnsping_t self:fifo_file { read write getattr };
  # Signal processes in the same domain and query or change scheduling.
  # sigkill and sigstop are separate permissions and are not granted here.
  allow dnsping_t self:process { signal setsched getsched };
  # TCP: create and getattr only. connect, bind, read and write are absent,
  # so a TCP socket can be created but not used for traffic.
  # NOTE(review): presumably added to silence a probe seen in audit logs; confirm.
  allow dnsping_t self:tcp_socket { create getattr };
  # UDP socket operations on sockets owned by the domain. connect is not in
  # the set.
  allow dnsping_t self:udp_socket { write setopt getopt read bind create getattr };
  # Unix datagram socket: create, connect and write, no read.
  # NOTE(review): presumably the local syslog socket; confirm.
  allow dnsping_t self:unix_dgram_socket { write create connect };
  # Bind UDP sockets to any unreserved port rather than one dedicated port type.
  # NOTE(review): wider than a single labelled port; presumably needed for
  # ephemeral source ports. Confirm that a narrower port type would not do.
  corenet_udp_bind_all_unreserved_ports(dnsping_t)
  corenet_udp_bind_generic_node(dnsping_t)
  # Read the kernel random devices.
  dev_read_rand(dnsping_t)
  dev_read_urand(dnsping_t)
  # Read-only access to kernel vm and net sysctls.
  kernel_search_vm_sysctl(dnsping_t)
  kernel_read_vm_sysctls(dnsping_t)
  kernel_read_net_sysctls(dnsping_t)
  # Execute generic binaries. No new domain is named here.
  # NOTE(review): in refpolicy this runs them inside dnsping_t, so every
  # helper inherits all grants in this module, dac_override included.
  corecmd_exec_bin(dnsping_t)
  # Send log messages to syslog.
  logging_send_syslog_msg(dnsping_t)
  # Read generic configuration files under /etc.
  files_read_etc_files(dnsping_t)
  # getattr on filesystems (statfs style queries), not on their contents.
  fs_getattr_xattr_fs(dnsping_t)
  fs_getattr_tmpfs(dnsping_t)
  # Locale data and generic certificate files, read only.
  miscfiles_read_localization(dnsping_t)
  miscfiles_read_generic_certs(dnsping_t)
  # Network configuration (resolver settings and similar), read only.
  sysnet_read_config(dnsping_t)
  # Read-only kernel state and the vm overcommit sysctl.
  kernel_read_system_state(dnsping_t)
  kernel_read_vm_overcommit_sysctl(dnsping_t)
  # Execute a shell, again without naming a separate domain.
  # NOTE(review): a shell running with the full dnsping_t grant set is the
  # widest item in this policy. Confirm it is required, and that no argument
  # passed to the shell is built from network-supplied data.
  corecmd_exec_shell(dnsping_t)
  # Manage files with the generic tmp label.
  # NOTE(review): the generic tmp type is shared with other domains. A private
  # tmp type plus files_tmp_filetrans() would keep dnsping away from temporary
  # files that belong to other programs.
  files_manage_generic_tmp_files(dnsping_t)
  # dontaudit only suppresses the audit record; dac_read_search stays denied.
  # NOTE(review): with this in place such denials leave no trace in the audit
  # log, which matters when investigating unexpected file access attempts.
  dontaudit dnsping_t self:capability dac_read_search;
  # Optional block: it takes effect only when the required type is provided
  # by another loaded module, so this module still loads without it.
  # Grants read access to files labelled named_var_run_t that live in
  # directories of the same type. Nothing here grants write access.
  # NOTE(review): the type is pulled in directly through gen_require.
  # refpolicy convention is to call an interface exported by the owning
  # module, so that a rename there does not silently disable this block.
  optional_policy(`
      gen_require(`
          type named_var_run_t;
      ')
      read_files_pattern(dnsping_t, named_var_run_t, named_var_run_t)
  ')
  # Optional block: it takes effect only when crond_tmp_t exists in the
  # loaded policy.
  # Read, write, getattr and ioctl on crond_tmp_t files. The open permission
  # is absent, so dnsping_t can use only descriptors that were opened by
  # another domain and passed to it; it cannot open such files by path.
  # NOTE(review): presumably the job output file handed down by cron; confirm.
  optional_policy(`
      gen_require(`
          type crond_tmp_t;
      ')
      allow dnsping_t crond_tmp_t:file { read write getattr ioctl };
  ')
  # Optional block: it takes effect only when httpd_sys_content_t exists in
  # the loaded policy.
  # Read-only access to web content: search on directories plus read,
  # getattr and open on files. No write, create or unlink is granted, so
  # dnsping_t cannot alter served content. The directory grant is search
  # only, so directory listing is not included.
  # NOTE(review): the type is referenced directly through gen_require; an
  # interface exported by the web server policy module would be the
  # conventional way to obtain this access.
  optional_policy(`
      gen_require(`
          type httpd_sys_content_t;
      ')
      allow dnsping_t httpd_sys_content_t:dir search;
      allow dnsping_t httpd_sys_content_t:file { read getattr open };
  ')
  # Optional block: it is skipped when the cron policy module is not loaded.
  # Calls the cron interface with the domain and its entry-point type.
  # NOTE(review): presumably lets system cron jobs start a dnsping_exec_t
  # file in dnsping_t instead of the cron job domain; confirm against the
  # interface definition.
  optional_policy(`
      cron_system_entry(dnsping_t, dnsping_exec_t)
  ')