|
Dominick Grift |
1976443 |
policy_module(vdagent, 1.0.2)
|
|
 |
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
# Declarations
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
type vdagent_t;
|
|
|
1ec3d1a |
type vdagent_exec_t;
|
|
|
1ec3d1a |
init_daemon_domain(vdagent_t, vdagent_exec_t)
|
|
|
1ec3d1a |
|
|
Dominick Grift |
1976443 |
type vdagentd_initrc_exec_t;
|
|
Dominick Grift |
1976443 |
init_script_file(vdagentd_initrc_exec_t)
|
|
Dominick Grift |
1976443 |
|
|
|
1ec3d1a |
type vdagent_var_run_t;
|
|
|
1ec3d1a |
files_pid_file(vdagent_var_run_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
type vdagent_log_t;
|
|
|
1ec3d1a |
logging_log_file(vdagent_log_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
#
|
|
Dominick Grift |
1976443 |
# Local policy
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
dontaudit vdagent_t self:capability sys_admin;
|
|
|
1ec3d1a |
allow vdagent_t self:process signal;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow vdagent_t self:fifo_file rw_fifo_file_perms;
|
|
Dominick Grift |
1976443 |
allow vdagent_t self:unix_stream_socket { accept listen };
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
manage_dirs_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
|
|
|
1ec3d1a |
manage_files_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
|
|
|
1ec3d1a |
manage_sock_files_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
|
|
|
1ec3d1a |
files_pid_filetrans(vdagent_t, vdagent_var_run_t, { dir file sock_file })
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
manage_dirs_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
|
|
Dominick Grift |
1976443 |
append_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
|
|
Dominick Grift |
1976443 |
create_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
|
|
Dominick Grift |
1976443 |
setattr_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
|
|
 |
899b713 |
logging_log_filetrans(vdagent_t, vdagent_log_t, file)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
dev_rw_input_dev(vdagent_t)
|
|
|
1ec3d1a |
dev_read_sysfs(vdagent_t)
|
|
|
1ec3d1a |
dev_dontaudit_write_mtrr(vdagent_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
init_read_state(vdagent_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
systemd_read_logind_sessions_files(vdagent_t)
|
|
|
1ec3d1a |
systemd_login_read_pid_files(vdagent_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
term_use_virtio_console(vdagent_t)
|
|
|
1ec3d1a |
|
|
|
45815ce |
logging_send_syslog_msg(vdagent_t)
|
|
|
899b713 |
|
|
Dominick Grift |
1976443 |
userdom_read_all_users_state(vdagent_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
optional_policy(`
|
|
|
1ec3d1a |
dbus_system_bus_client(vdagent_t)
|
|
Dominick Grift |
1976443 |
|
|
Dominick Grift |
1976443 |
optional_policy(`
|
|
Dominick Grift |
1976443 |
consolekit_dbus_chat(vdagent_t)
|
|
Dominick Grift |
1976443 |
')
|
|
|
1ec3d1a |
')
|