# Module name and version declaration for the usernetctl policy module.
policy_module(usernetctl, 1.6.1)
########################################
#
# Declarations
#
# Role attribute naming the set of roles that may enter the helper domains
# reached through the *_run() interface calls in this module.
attribute_role usernetctl_roles;
# system_r is a member of usernetctl_roles from the start; other roles are
# presumably added by callers of this module's interface file (not shown here).
roleattribute system_r usernetctl_roles;
# Process domain that the usernetctl program runs in.
type usernetctl_t;
# File type for the usernetctl executable; it is the entry point into
# usernetctl_t, so what carries this label decides what can run in the domain.
type usernetctl_exec_t;
# Mark usernetctl_t as an application domain entered by executing a file
# labeled usernetctl_exec_t.
application_domain(usernetctl_t, usernetctl_exec_t)
# Mark this domain's file descriptors as interactive, i.e. widely inheritable
# by other domains.
domain_interactive_fd(usernetctl_t)
########################################
#
# Local policy
#
# setuid/setgid let the domain change its user and group IDs; dac_override
# lets it bypass ordinary (DAC) file permission checks.
# NOTE(review): dac_override is broad, and every program this module executes
# without a domain transition keeps it -- confirm it is still required.
allow usernetctl_t self:capability { setuid setgid dac_override };
# "~{ ... }" is a complement set: every process-class permission on itself is
# granted EXCEPT the ones listed (ptrace, context-changing and executable-memory
# permissions among them).
# NOTE(review): a complement silently includes any permission later added to
# the process class; an explicit allow list would be tighter and easier to audit.
allow usernetctl_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
# Use file descriptors created by processes in the same domain.
allow usernetctl_t self:fd use;
# Read/write pipes shared between processes in this domain.
allow usernetctl_t self:fifo_file rw_fifo_file_perms;
# Send datagrams to Unix sockets owned by this same domain.
allow usernetctl_t self:unix_dgram_socket sendto;
# Listen on, accept from and connect to Unix stream sockets within this domain only.
allow usernetctl_t self:unix_stream_socket { accept connectto listen };
# Allow the domain to re-execute its own entry-point binary while staying in
# usernetctl_t (no domain transition).
can_exec(usernetctl_t, usernetctl_exec_t)
# Read general system state information under /proc.
kernel_read_system_state(usernetctl_t)
# Read-only access to kernel sysctl values.
kernel_read_kernel_sysctls(usernetctl_t)
# List the contents of the generic binary directories.
corecmd_list_bin(usernetctl_t)
# Execute generically labeled programs in the caller's domain: they run as
# usernetctl_t and keep everything this module grants, including the
# capabilities allowed on self. The integrity of those files therefore matters.
corecmd_exec_bin(usernetctl_t)
# Execute a shell without leaving usernetctl_t; any script it interprets runs
# with this domain's full permission set.
corecmd_exec_shell(usernetctl_t)
# Reads of other domains' process state stay denied; this only suppresses the
# AVC audit records for them. When investigating this domain, rebuild with
# dontaudit rules disabled (semodule -DB) so these denials become visible.
domain_dontaudit_read_all_domains_state(usernetctl_t)
# Execute generically labeled files under /etc in this domain (presumably the
# network scripts usernetctl drives -- confirm). Whoever can write such files
# can run code as usernetctl_t, so write access to them should stay restricted.
files_exec_etc_files(usernetctl_t)
# Read runtime-generated files kept under /etc.
files_read_etc_runtime_files(usernetctl_t)
# List the PID-file directory; this grants directory listing only, not reads
# of the files in it.
files_list_pids(usernetctl_t)
# List the top-level home directory root (directory listing only).
# NOTE(review): not obviously needed by a network-control helper -- confirm.
files_list_home(usernetctl_t)
# Traverse automounter mount points during path lookups.
fs_search_auto_mountpoints(usernetctl_t)
# Name-service (nsswitch) lookups such as user and host resolution. The exact
# access this pulls in depends on the auth module and its tunables, which are
# not shown here.
auth_use_nsswitch(usernetctl_t)
# Allow the domain to send messages to syslog.
logging_send_syslog_msg(usernetctl_t)
# Read-only access to the SELinux configuration files.
seutil_read_config(usernetctl_t)
# Read-only access to network configuration files.
sysnet_read_config(usernetctl_t)
# Run ifconfig with a transition into its own domain, and authorize every role
# in usernetctl_roles for that domain. Interface configuration is then governed
# by the ifconfig domain's policy rather than by this module.
sysnet_run_ifconfig(usernetctl_t, usernetctl_roles)
# Run the DHCP client with a transition into its own domain, authorized for the
# roles in usernetctl_roles.
sysnet_run_dhcpc(usernetctl_t, usernetctl_roles)
# Use user terminals (ttys/ptys) inherited from the invoking session; this does
# not let the domain open terminals itself.
userdom_use_inherited_user_terminals(usernetctl_t)
optional_policy(`
	# Execute hostname inside usernetctl_t (no transition to a hostname domain).
	hostname_exec(usernetctl_t)
')
optional_policy(`
	# Run iptables with a transition into its own domain, authorized for the roles
	# in usernetctl_roles. Firewall rule changes become reachable from usernetctl,
	# so which roles are in that attribute is worth reviewing.
	iptables_run(usernetctl_t, usernetctl_roles)
')
optional_policy(`
	# Run insmod with a transition into its own domain, authorized for the roles
	# in usernetctl_roles.
	# NOTE(review): this puts kernel module loading within reach of usernetctl;
	# it is the most sensitive grant in the module, so confirm it is needed and
	# that membership of usernetctl_roles is kept minimal.
	modutils_run_insmod(usernetctl_t, usernetctl_roles)
')
optional_policy(`
	# Allow NIS (ypbind) lookups. The network access this implies is defined in the
	# nis module and may depend on a tunable there (not shown here).
	nis_use_ypbind(usernetctl_t)
')
optional_policy(`
	# Run pppd with a transition into its own domain, authorized for the roles in
	# usernetctl_roles.
	ppp_run(usernetctl_t, usernetctl_roles)
')