policy_module(backup, 1.6.2) ######################################## # # Declarations # attribute_role backup_roles; roleattribute system_r backup_roles; type backup_t; type backup_exec_t; application_domain(backup_t, backup_exec_t) role backup_roles types backup_t; type backup_store_t; files_type(backup_store_t) ######################################## # # Local policy # allow backup_t self:capability { dac_read_search }; allow backup_t self:process signal; allow backup_t self:fifo_file rw_fifo_file_perms; allow backup_t self:tcp_socket create_socket_perms; allow backup_t self:udp_socket create_socket_perms; allow backup_t backup_store_t:file setattr_file_perms; manage_files_pattern(backup_t, backup_store_t, backup_store_t) rw_files_pattern(backup_t, backup_store_t, backup_store_t) read_lnk_files_pattern(backup_t, backup_store_t, backup_store_t) kernel_read_system_state(backup_t) kernel_read_kernel_sysctls(backup_t) corecmd_exec_bin(backup_t) corecmd_exec_shell(backup_t) corenet_all_recvfrom_netlabel(backup_t) corenet_tcp_sendrecv_generic_if(backup_t) corenet_tcp_sendrecv_generic_node(backup_t) corenet_tcp_sendrecv_all_ports(backup_t) corenet_tcp_connect_all_ports(backup_t) corenet_sendrecv_all_client_packets(backup_t) dev_getattr_all_blk_files(backup_t) dev_getattr_all_chr_files(backup_t) dev_read_urand(backup_t) domain_use_interactive_fds(backup_t) files_read_all_files(backup_t) files_read_all_symlinks(backup_t) files_getattr_all_pipes(backup_t) files_getattr_all_sockets(backup_t) fs_getattr_xattr_fs(backup_t) fs_list_all(backup_t) auth_read_shadow(backup_t) logging_send_syslog_msg(backup_t) sysnet_read_config(backup_t) userdom_use_inherited_user_terminals(backup_t) optional_policy(` cron_system_entry(backup_t, backup_exec_t) ') optional_policy(` hostname_exec(backup_t) ') optional_policy(` nis_use_ypbind(backup_t) ')