Oreon-Lime-R2/selinux-policy/selinux-policy-bc228bd/selinux-policy-bc228bd0c249a9e4aa3dcf238c2b1bb138943b07/policy/modules/contrib/numad.te

policy_module(numad, 1.1.0)

########################################
#
# Declarations
#

type numad_t;
type numad_exec_t;
init_daemon_domain(numad_t, numad_exec_t)

type numad_unit_file_t;
systemd_unit_file(numad_unit_file_t)

type numad_var_log_t;
logging_log_file(numad_var_log_t)

type numad_var_run_t;
files_pid_file(numad_var_run_t)

########################################
#
# numad local policy
#

allow numad_t self:capability { ipc_owner kill sys_nice sys_ptrace } ;
allow numad_t self:fifo_file rw_fifo_file_perms;
allow numad_t self:msgq create_msgq_perms;
allow numad_t self:msg { send receive };
allow numad_t self:unix_stream_socket create_stream_socket_perms;

manage_files_pattern(numad_t, numad_var_log_t, numad_var_log_t)
logging_log_filetrans(numad_t, numad_var_log_t, file)

manage_files_pattern(numad_t, numad_var_run_t, numad_var_run_t)
files_pid_filetrans(numad_t, numad_var_run_t, file)

kernel_read_system_state(numad_t)

dev_rw_sysfs(numad_t)

domain_use_interactive_fds(numad_t)
domain_read_all_domains_state(numad_t)
domain_setpriority_all_domains(numad_t)
domain_signull_all_domains(numad_t)

fs_manage_cgroup_dirs(numad_t)
fs_rw_cgroup_files(numad_t)

tunable_policy(`deny_ptrace',`',`
	virt_ptrace(numad_t)
')
extract all compressed files to make viewing source code easier and updated oreon-backgrounds and oreon-release packages 2024-07-03 21:20:34 -07:00			`policy_module(numad, 1.1.0)`

			`########################################`
			`#`
			`# Declarations`
			`#`

			`type numad_t;`
			`type numad_exec_t;`
			`init_daemon_domain(numad_t, numad_exec_t)`

			`type numad_unit_file_t;`
			`systemd_unit_file(numad_unit_file_t)`

			`type numad_var_log_t;`
			`logging_log_file(numad_var_log_t)`

			`type numad_var_run_t;`
			`files_pid_file(numad_var_run_t)`

			`########################################`
			`#`
			`# numad local policy`
			`#`

			`allow numad_t self:capability { ipc_owner kill sys_nice sys_ptrace } ;`
			`allow numad_t self:fifo_file rw_fifo_file_perms;`
			`allow numad_t self:msgq create_msgq_perms;`
			`allow numad_t self:msg { send receive };`
			`allow numad_t self:unix_stream_socket create_stream_socket_perms;`

			`manage_files_pattern(numad_t, numad_var_log_t, numad_var_log_t)`
			`logging_log_filetrans(numad_t, numad_var_log_t, file)`

			`manage_files_pattern(numad_t, numad_var_run_t, numad_var_run_t)`
			`files_pid_filetrans(numad_t, numad_var_run_t, file)`

			`kernel_read_system_state(numad_t)`

			`dev_rw_sysfs(numad_t)`

			`domain_use_interactive_fds(numad_t)`
			`domain_read_all_domains_state(numad_t)`
			`domain_setpriority_all_domains(numad_t)`
			`domain_signull_all_domains(numad_t)`

			`fs_manage_cgroup_dirs(numad_t)`
			`fs_rw_cgroup_files(numad_t)`

			tunable_policy(`deny_ptrace',`',`
			`virt_ptrace(numad_t)`
			`')`