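policy_module(opafm, 1.0.0)

# Type enforcement rules for the opafm daemon domain. The name and the
# InfiniBand subnet-management access below suggest a fabric manager
# service; confirm against the matching file-context (.fc) file, which is
# not part of this listing.

########################################
#
# Declarations
#

# Process domain and entry-point executable type. The daemon is started by
# init and enters opafm_t when a file labelled opafm_exec_t is executed.
type opafm_t;
type opafm_exec_t;
init_daemon_domain(opafm_t, opafm_exec_t)

# Private type for persistent state created under /var/lib.
type opafm_var_lib_t;
files_type(opafm_var_lib_t)

# Private type for runtime (pid) files.
type opafm_var_run_t;
files_pid_file(opafm_var_run_t)

########################################
#
# opafm local policy
#

# dac_read_search lets the domain bypass discretionary read and search
# permission checks on files and directories.
# NOTE(review): this is a broad capability; identify the path that needs it
# and prefer fixing ownership or mode there if that is possible.
allow opafm_t self:capability dac_read_search;
# The daemon may change its own scheduling policy and priority.
allow opafm_t self:process setsched;

# RDMA netlink socket owned by the domain itself.
allow opafm_t self:netlink_rdma_socket create_socket_perms;

# Datagram sockets never listen or accept, so the plain socket permission
# set is sufficient. The stream permission set used here before added only
# those two unused permissions.
allow opafm_t self:unix_dgram_socket create_socket_perms;

# Full management of the private /var/lib content; objects the daemon
# creates in /var/lib are labelled opafm_var_lib_t automatically.
manage_dirs_pattern(opafm_t, opafm_var_lib_t, opafm_var_lib_t)
manage_files_pattern(opafm_t, opafm_var_lib_t, opafm_var_lib_t)
manage_sock_files_pattern(opafm_t, opafm_var_lib_t, opafm_var_lib_t)
files_var_lib_filetrans(opafm_t, opafm_var_lib_t, { dir file sock_file })

# Same for runtime files: directories, regular files and named pipes
# created in the pid directory are labelled opafm_var_run_t.
manage_dirs_pattern(opafm_t, opafm_var_run_t, opafm_var_run_t)
manage_files_pattern(opafm_t, opafm_var_run_t, opafm_var_run_t)
manage_fifo_files_pattern(opafm_t, opafm_var_run_t, opafm_var_run_t)
files_pid_filetrans(opafm_t, opafm_var_run_t, { dir file fifo_file })

# Send datagrams to unix datagram sockets owned by the kernel domain.
kernel_dgram_send(opafm_t)

# InfiniBand subnet management and partition key access, granted on
# unlabeled endports and pkeys.
# NOTE(review): these rules cover unlabeled objects only; if the site labels
# its pkeys or endports, confirm which labelled ones this domain should reach.
corenet_ib_manage_subnet_unlabeled_endports(opafm_t)
corenet_ib_access_unlabeled_pkeys(opafm_t)

# Read and write the InfiniBand and InfiniBand management device nodes,
# and list and read sysfs.
dev_rw_infiniband_dev(opafm_t)
dev_rw_infiniband_mgmt_dev(opafm_t)
dev_list_sysfs(opafm_t)
dev_read_sysfs(opafm_t)

# Search directories on NFS filesystems.
fs_search_nfs(opafm_t)

# Execute files labelled as libraries.
libs_exec_lib_files(opafm_t)

# Log through syslog.
logging_send_syslog_msg(opafm_t)

# Read the system certificate files.
miscfiles_read_certs(opafm_t)

# Applied only when the kdump module is present in the policy.
# NOTE(review): manage presumably includes create, write and delete on the
# kdump crash files; confirm that full manage access is required.
optional_policy(`
	kdump_manage_crash(opafm_t)
')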