policy_module(usernetctl, 1.6.0)

########################################
#
# Declarations
#

# The role attribute stays commented out: entry into usernetctl_t is
# currently limited to system_r by the role statement further down.
#attribute_role usernetctl_roles;

# usernetctl_t is the domain the program runs in; usernetctl_exec_t labels
# its executable and is the entrypoint into the domain.
type usernetctl_t;
type usernetctl_exec_t;
application_domain(usernetctl_t, usernetctl_exec_t)
domain_interactive_fd(usernetctl_t)

#role usernetctl_roles types usernetctl_t;
role system_r types usernetctl_t;

########################################
#
# Local policy
#

# Capabilities granted to the domain: setuid/setgid permit credential
# changes, dac_override bypasses discretionary file permission checks;
# keep this set minimal.
allow usernetctl_t self:capability { setuid setgid dac_override };
# All process permissions except the excluded ones: no ptrace, no runtime
# context changes (setcurrent/setexec/setfscreate), no rlimit changes and
# no executable anonymous memory (execmem/execstack/execheap).
allow usernetctl_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow usernetctl_t self:fd use;
allow usernetctl_t self:fifo_file rw_fifo_file_perms;
# SysV IPC objects created by and shared within the domain.
allow usernetctl_t self:shm create_shm_perms;
allow usernetctl_t self:sem create_sem_perms;
allow usernetctl_t self:msgq create_msgq_perms;
allow usernetctl_t self:msg { send receive };
# Unix domain sockets to itself; each class's permissions are listed in
# a single set rather than spread over two rules.
allow usernetctl_t self:unix_dgram_socket { create_socket_perms sendto };
allow usernetctl_t self:unix_stream_socket { create_stream_socket_perms connectto };

# Execute its own binary without a domain transition.
can_exec(usernetctl_t, usernetctl_exec_t)

kernel_read_system_state(usernetctl_t)
kernel_read_kernel_sysctls(usernetctl_t)

# Helper programs and shell scripts from the bin directories.
corecmd_list_bin(usernetctl_t)
corecmd_exec_bin(usernetctl_t)
corecmd_exec_shell(usernetctl_t)

domain_dontaudit_read_all_domains_state(usernetctl_t)

files_exec_etc_files(usernetctl_t)
files_read_etc_runtime_files(usernetctl_t)
files_list_pids(usernetctl_t)
files_list_home(usernetctl_t)
files_read_usr_files(usernetctl_t)

fs_search_auto_mountpoints(usernetctl_t)

auth_use_nsswitch(usernetctl_t)

logging_send_syslog_msg(usernetctl_t)

seutil_read_config(usernetctl_t)

sysnet_read_config(usernetctl_t)

userdom_use_inherited_user_terminals(usernetctl_t)

# These *_run interfaces depend on the usernetctl_roles attribute, which is
# commented out in the Declarations section, so they stay disabled too.
#sysnet_run_ifconfig(usernetctl_t, usernetctl_roles)
#sysnet_run_dhcpc(usernetctl_t, usernetctl_roles)

optional_policy(`
	#consoletype_run(usernetctl_t, usernetctl_roles)
	consoletype_exec(usernetctl_t)
')

optional_policy(`
	hostname_exec(usernetctl_t)
')

#optional_policy(`
#	iptables_run(usernetctl_t, usernetctl_roles)
#')

#optional_policy(`
#	modutils_run_insmod(usernetctl_t, usernetctl_roles)
#')

optional_policy(`
	nis_use_ypbind(usernetctl_t)
')

#optional_policy(`
#	ppp_run(usernetctl_t, usernetctl_roles)
#')