# Names this policy module thumb and sets its version to 1.0.0.
1ec3d1a
policy_module(thumb, 1.0.0)
1ec3d1a
1ec3d1a
########################################
1ec3d1a
#
1ec3d1a
# Declarations
1ec3d1a
#
1ec3d1a
# Domain type for the thumbnailer process (thumb_t) and file type for its executables (thumb_exec_t).
# application_domain() makes thumb_exec_t an entry point into thumb_t.
# ubac_constrained() places thumb_t under the user-based access control constraints.
# NOTE(review): userdom_home_manager() is defined outside this file; judging by its name it
# grants home directory management access. Thumbnailers typically parse files from arbitrary
# sources, so confirm the exact scope of that grant.
1ec3d1a
type thumb_t;
1ec3d1a
type thumb_exec_t;
1ec3d1a
application_domain(thumb_t, thumb_exec_t)
1ec3d1a
ubac_constrained(thumb_t)
1ec3d1a
userdom_home_manager(thumb_t)
1ec3d1a
# Private label for temporary files of the domain, registered as a tmp file type
# and placed under the user-based access control constraints.
1ec3d1a
type thumb_tmp_t;
1ec3d1a
files_tmp_file(thumb_tmp_t)
1ec3d1a
ubac_constrained(thumb_tmp_t)
1ec3d1a
# Label for thumbnailer data kept in the user home directory, registered as user home content.
1ec3d1a
type thumb_home_t;
1ec3d1a
userdom_user_home_content(thumb_home_t)
1ec3d1a
# Label for objects the domain creates on tmpfs, registered as a tmpfs file type.
0478d33
type thumb_tmpfs_t;
0478d33
files_tmpfs_file(thumb_tmpfs_t)
0478d33
1ec3d1a
########################################
1ec3d1a
#
1ec3d1a
# thumb local policy
1ec3d1a
#
1ec3d1a
# Process permissions on itself: change scheduling, send signals and null signals,
# and set resource limits.
5025c32
allow thumb_t self:process { setsched signal signull setrlimit };
1ec3d1a
# The tunable below has an empty true branch, so execmem is granted whenever the
# deny_execmem boolean is off. execmem lets the process map memory that is both
# writable and executable, which weakens memory protection in a domain that parses
# media files. Turning deny_execmem on removes this grant.
1ec3d1a
tunable_policy(`deny_execmem',`',`
1ec3d1a
	allow thumb_t self:process execmem;
1ec3d1a
')
1ec3d1a
# IPC and socket objects the domain may use on itself: FIFOs, unix stream sockets,
# read access on netlink route sockets, UDP and TCP sockets, SysV shared memory
# and semaphores.
# NOTE(review): the udp_socket and tcp_socket rules cover only the socket objects.
# No corenet_ interface for ports or nodes appears in the lines shown, so confirm
# whether a thumbnailer needs network sockets at all before keeping these two rules.
1ec3d1a
allow thumb_t self:fifo_file manage_fifo_file_perms;
1ec3d1a
allow thumb_t self:unix_stream_socket create_stream_socket_perms;
1ec3d1a
allow thumb_t self:netlink_route_socket r_netlink_socket_perms;
1ec3d1a
allow thumb_t self:udp_socket create_socket_perms;
1ec3d1a
allow thumb_t self:tcp_socket create_socket_perms;
18f7a88
allow thumb_t self:shm create_shm_perms;
18f7a88
allow thumb_t self:sem create_sem_perms;
1ec3d1a
# Full management of directories and files labeled thumb_home_t.
# The two named filetrans rules label a directory called .thumbnails and a file
# called missfont.log as thumb_home_t when thumb_t creates them in a user home directory.
1ec3d1a
manage_dirs_pattern(thumb_t, thumb_home_t, thumb_home_t)
1ec3d1a
manage_files_pattern(thumb_t, thumb_home_t, thumb_home_t)
1ec3d1a
userdom_user_home_dir_filetrans(thumb_t, thumb_home_t, dir, ".thumbnails")
1ec3d1a
userdom_user_home_dir_filetrans(thumb_t, thumb_home_t, file, "missfont.log")
1ec3d1a
# Private temporary content: thumb_t manages files, directories and socket files
# labeled thumb_tmp_t.
# NOTE(review): exec_files_pattern() additionally lets thumb_t execute thumb_tmp_t
# files, so the domain can run content it has written itself. Confirm this
# write-then-execute path is required by the thumbnailer helpers.
# The filetrans rules give thumb_tmp_t to files, directories and socket files that
# thumb_t creates in the generic tmp and user tmp directories, and to socket files
# it creates in the xdm tmp directory.
1ec3d1a
manage_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
1ec3d1a
manage_dirs_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
1ec3d1a
manage_sock_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
1ec3d1a
exec_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
1ec3d1a
files_tmp_filetrans(thumb_t, thumb_tmp_t, { file dir sock_file })
1ec3d1a
userdom_user_tmp_filetrans(thumb_t, thumb_tmp_t, { file dir sock_file })
1ec3d1a
xserver_xdm_tmp_filetrans(thumb_t, thumb_tmp_t, sock_file)
1ec3d1a
# Full management of directories and files labeled thumb_tmpfs_t. Directories and
# files that thumb_t creates on tmpfs receive that label through the filetrans rule.
0478d33
manage_dirs_pattern(thumb_t, thumb_tmpfs_t, thumb_tmpfs_t)
0478d33
manage_files_pattern(thumb_t, thumb_tmpfs_t, thumb_tmpfs_t)
0478d33
fs_tmpfs_filetrans(thumb_t, thumb_tmpfs_t, { dir file })
0478d33
# Execute thumb_exec_t programs while staying in thumb_t.
1ec3d1a
can_exec(thumb_t, thumb_exec_t)
1ec3d1a
# Read kernel system state (presumably entries under /proc; the interface is defined elsewhere).
1ec3d1a
kernel_read_system_state(thumb_t)
1ec3d1a
# Execute generic binaries and the shell inside thumb_t, with no domain transition.
# NOTE(review): shell access hands code running in this domain a general-purpose
# interpreter. Keep it only if the thumbnailer helpers actually need it.
1ec3d1a
corecmd_exec_bin(thumb_t)
1ec3d1a
corecmd_exec_shell(thumb_t)
1ec3d1a
# Device access: read sysfs and the urandom device, read and write the X server
# miscellaneous devices. The dontaudit rule grants nothing; it only suppresses
# audit records for denied read/write attempts on DRI devices.
# NOTE(review): dev_rw_xserver_misc() is defined outside this file; confirm which
# device nodes it covers.
1ec3d1a
dev_read_sysfs(thumb_t)
1ec3d1a
dev_read_urand(thumb_t)
1ec3d1a
dev_dontaudit_rw_dri(thumb_t)
1ec3d1a
dev_rw_xserver_misc(thumb_t)
1ec3d1a
# Use file descriptors inherited from interactive user domains.
1ec3d1a
domain_use_interactive_fds(thumb_t)
1ec3d1a
# NOTE(review): files_read_non_security_files() is a very broad read grant. By its
# name it covers every file type not classed as security-sensitive, so a compromised
# thumbnailer could read far more than the media it was asked to render. Consider
# whether narrower read interfaces would be enough.
1ec3d1a
files_read_non_security_files(thumb_t)
1ec3d1a
# Filesystem access: getattr on all filesystems, read files on DOS (FAT) filesystems,
# and read/write tmpfs files received as inherited descriptors.
3e328c4
fs_getattr_all_fs(thumb_t)
1ec3d1a
fs_read_dos_files(thumb_t)
71772d6
fs_rw_inherited_tmpfs_files(thumb_t)
1ec3d1a
# Read the passwd database (presumably for user name lookups; no shadow access is requested here).
884a4ca
auth_read_passwd(thumb_t)
1ec3d1a
# Only when the selinuxuser_execmod boolean is on: allow use of legacy shared
# libraries. NOTE(review): presumably these are libraries needing text relocation;
# the interface is defined outside this file, so confirm what it grants.
6d82bd7
tunable_policy(`selinuxuser_execmod',`
6d82bd7
	libs_legacy_use_shared_libs(thumb_t)
6d82bd7
')
6d82bd7
# Read system fonts. The two dontaudit rules grant nothing; they silence audit
# records for denied setattr attempts on font directories and font cache directories.
1ec3d1a
miscfiles_read_fonts(thumb_t)
75fac74
miscfiles_dontaudit_setattr_fonts_dirs(thumb_t)
75fac74
miscfiles_dontaudit_setattr_fonts_cache_dirs(thumb_t)
1ec3d1a
# Read network configuration files (presumably resolver configuration; interface defined elsewhere).
1ec3d1a
sysnet_read_config(thumb_t)
1ec3d1a
# User content access: read and write user tmp files, read user home content files
# and home audio files. The first rule is a dontaudit and only hides denied setattr
# attempts on user tmp content.
# NOTE(review): userdom_home_reader() is defined outside this file; confirm how it
# differs from userdom_read_user_home_content_files() and whether both are needed.
884a4ca
userdom_dontaudit_setattr_user_tmp(thumb_t)
1ec3d1a
userdom_read_user_tmp_files(thumb_t)
1ec3d1a
userdom_read_user_home_content_files(thumb_t)
1ec3d1a
userdom_write_user_tmp_files(thumb_t)
1ec3d1a
userdom_read_home_audio_files(thumb_t)
1ec3d1a
userdom_home_reader(thumb_t)
1ec3d1a
# Use the terminals of the calling user.
39adb44
userdom_use_user_terminals(thumb_t)
1ec3d1a
# X server integration: read and append to xdm home files, connect to the X server
# over a stream socket, and use user fonts.
# The two dontaudit rules grant nothing; they hide denied reads of the xdm pid file
# and denied access to xdm tmp directories. When investigating thumbnailer behaviour,
# rebuild the policy with dontaudit rules disabled (semodule -DB) so these denials
# show up in the audit log, then restore with semodule -B.
1ec3d1a
xserver_read_xdm_home_files(thumb_t)
1ec3d1a
xserver_append_xdm_home_files(thumb_t)
1ec3d1a
xserver_dontaudit_read_xdm_pid(thumb_t)
4d45620
xserver_dontaudit_xdm_tmp_dirs(thumb_t)
1ec3d1a
xserver_stream_connect(thumb_t)
0e9b9bc
xserver_use_user_fonts(thumb_t)
1ec3d1a
# Applied only when the dbus policy module is present. Both rules are dontaudit:
# connecting to and chatting with the session bus stay denied, and the denials
# are not logged.
1ec3d1a
optional_policy(`
1ec3d1a
	dbus_dontaudit_stream_connect_session_bus(thumb_t)
1ec3d1a
	dbus_dontaudit_chat_session_bus(thumb_t)
1ec3d1a
')
1ec3d1a
# Applied only when the gnome policy module is present.
# Grants: append to generic cache files, read generic data home files, and manage
# gstreamer home files and directories. Searching the config directory stays denied
# and unlogged (dontaudit).
# NOTE(review): gnome_exec_gstreamer_home_files() combined with the manage rules means
# thumb_t can both write and execute gstreamer home files. Confirm this
# write-then-execute path is needed (presumably for the gstreamer plugin registry).
# The cache filetrans rules label a directory named thumbnails, and any file, that
# thumb_t creates in the gnome cache directory as thumb_home_t.
1ec3d1a
optional_policy(`
1ec3d1a
	# .config
1ec3d1a
	gnome_dontaudit_search_config(thumb_t)
4ebbec8
	gnome_append_generic_cache_files(thumb_t)
1ec3d1a
	gnome_read_generic_data_home_files(thumb_t)
1ec3d1a
	gnome_manage_gstreamer_home_files(thumb_t)
1ec3d1a
	gnome_manage_gstreamer_home_dirs(thumb_t)
5de47f2
	gnome_exec_gstreamer_home_files(thumb_t)
30e14a6
	gnome_cache_filetrans(thumb_t, thumb_home_t, dir, "thumbnails")
268cd14
	gnome_cache_filetrans(thumb_t, thumb_home_t, file)
1ec3d1a
')
b3c7e79
# Applied only when the nscd policy module is present. Writes to the nscd socket
# file stay denied; the dontaudit rule only keeps those denials out of the audit log.
b3c7e79
optional_policy(`
b3c7e79
	nscd_dontaudit_write_sock_file(thumb_t)
b3c7e79
')