62 lines
1.5 KiB
Text
62 lines
1.5 KiB
Text
|
policy_module(journalctl, 1.0.0)
|
||
|
|
||
|
########################################
|
||
|
#
|
||
|
# Declarations
|
||
|
#
|
||
|
|
||
|
attribute_role journalctl_roles;
|
||
|
roleattribute system_r journalctl_roles;
|
||
|
|
||
|
type journalctl_t;
|
||
|
type journalctl_exec_t;
|
||
|
application_domain(journalctl_t, journalctl_exec_t)
|
||
|
|
||
|
role journalctl_roles types journalctl_t;
|
||
|
|
||
|
########################################
|
||
|
#
|
||
|
# journalctl local policy
|
||
|
#
|
||
|
allow journalctl_t self:capability sys_resource;
|
||
|
allow journalctl_t self:process { fork setrlimit signal_perms };
|
||
|
|
||
|
allow journalctl_t self:fifo_file manage_fifo_file_perms;
|
||
|
allow journalctl_t self:unix_stream_socket create_stream_socket_perms;
|
||
|
|
||
|
kernel_read_system_state(journalctl_t)
|
||
|
|
||
|
corecmd_exec_bin(journalctl_t)
|
||
|
|
||
|
domain_use_interactive_fds(journalctl_t)
|
||
|
|
||
|
files_read_etc_files(journalctl_t)
|
||
|
|
||
|
fs_getattr_all_fs(journalctl_t)
|
||
|
|
||
|
init_read_state(journalctl_t)
|
||
|
init_mmap_read_var_lib_files(journalctl_t)
|
||
|
|
||
|
auth_use_nsswitch(journalctl_t)
|
||
|
|
||
|
miscfiles_read_localization(journalctl_t)
|
||
|
|
||
|
logging_read_generic_logs(journalctl_t)
|
||
|
logging_watch_generic_log_dirs(journalctl_t)
|
||
|
logging_read_syslog_pid(journalctl_t)
|
||
|
logging_mmap_journal(journalctl_t)
|
||
|
logging_watch_journal_dir(journalctl_t)
|
||
|
|
||
|
term_use_generic_ptys(journalctl_t)
|
||
|
|
||
|
userdom_list_user_home_dirs(journalctl_t)
|
||
|
userdom_read_user_home_content_files(journalctl_t)
|
||
|
userdom_use_inherited_user_ptys(journalctl_t)
|
||
|
userdom_use_inherited_user_ttys(journalctl_t)
|
||
|
userdom_rw_inherited_user_tmp_files(journalctl_t)
|
||
|
userdom_rw_inherited_user_home_content_files(journalctl_t)
|
||
|
|
||
|
optional_policy(`
|
||
|
rhcd_read_fifo_files(journalctl_t)
|
||
|
')
|