47 lines
938 B
Text
47 lines
938 B
Text
|
policy_module(iotop, 1.0.0)
|
||
|
|
|
||
|
|
########################################
|
||
|
|
#
|
||
|
|
# Declarations
|
||
|
|
#
|
||
|
|
|
||
|
|
attribute_role iotop_roles;
|
||
|
|
roleattribute system_r iotop_roles;
|
||
|
|
|
||
|
|
type iotop_t;
|
||
|
|
type iotop_exec_t;
|
||
|
|
application_domain(iotop_t, iotop_exec_t)
|
||
|
|
|
||
|
|
role iotop_roles types iotop_t;
|
||
|
|
|
||
|
|
########################################
|
||
|
|
#
|
||
|
|
# iotop local policy
|
||
|
|
#
|
||
|
|
|
||
|
|
allow iotop_t self:capability net_admin;
|
||
|
|
allow iotop_t self:netlink_generic_socket create_socket_perms;
|
||
|
|
allow iotop_t self:netlink_route_socket r_netlink_socket_perms;
|
||
|
|
allow iotop_t self:netlink_socket create_socket_perms;
|
||
|
|
allow iotop_t self:unix_dgram_socket create_socket_perms;
|
||
|
|
|
||
|
|
kernel_read_system_state(iotop_t)
|
||
|
|
|
||
|
|
auth_use_nsswitch(iotop_t)
|
||
|
|
|
||
|
|
dev_read_urand(iotop_t)
|
||
|
|
|
||
|
|
domain_getsched_all_domains(iotop_t)
|
||
|
|
domain_read_all_domains_state(iotop_t)
|
||
|
|
|
||
|
|
corecmd_exec_bin(iotop_t)
|
||
|
|
|
||
|
|
miscfiles_read_localization(iotop_t)
|
||
|
|
|
||
|
|
userdom_use_user_terminals(iotop_t)
|
||
|
|
|
||
|
|
optional_policy(`
|
||
|
|
libs_exec_ldconfig(iotop_t)
|
||
|
|
')
|
||
|
|
|