## Service for reporting kernel oopses to kerneloops.org. ######################################## ## ## Execute a domain transition to run kerneloops. ## ## ## ## Domain allowed to transition. ## ## # interface(`kerneloops_domtrans',` gen_require(` type kerneloops_t, kerneloops_exec_t; ') corecmd_search_bin($1) domtrans_pattern($1, kerneloops_exec_t, kerneloops_t) ') ######################################## ## ## Send and receive messages from ## kerneloops over dbus. ## ## ## ## Domain allowed access. ## ## # interface(`kerneloops_dbus_chat',` gen_require(` type kerneloops_t; class dbus send_msg; ') allow $1 kerneloops_t:dbus send_msg; allow kerneloops_t $1:dbus send_msg; ') ######################################## ## ## Do not audit attempts to Send and ## receive messages from kerneloops ## over dbus. ## ## ## ## Domain to not audit. ## ## # interface(`kerneloops_dontaudit_dbus_chat',` gen_require(` type kerneloops_t; class dbus send_msg; ') dontaudit $1 kerneloops_t:dbus send_msg; dontaudit kerneloops_t $1:dbus send_msg; ') ######################################## ## ## Create, read, write, and delete ## kerneloops temporary files. ## ## ## ## Domain allowed access. ## ## # interface(`kerneloops_manage_tmp_files',` gen_require(` type kerneloops_tmp_t; ') files_search_tmp($1) allow $1 kerneloops_tmp_t:file manage_file_perms; ') ######################################## ## ## All of the rules required to ## administrate an kerneloops environment. ## ## ## ## Domain allowed access. ## ## ## ## ## Role allowed access. ## ## ## # interface(`kerneloops_admin',` gen_require(` type kerneloops_t, kerneloops_initrc_exec_t, kerneloops_tmp_t; ') allow $1 kerneloops_t:process signal_perms; ps_process_pattern($1, kerneloops_t) tunable_policy(`deny_ptrace',`',` allow $1 kerneloops_t:process ptrace; ') init_labeled_script_domtrans($1, kerneloops_initrc_exec_t) domain_system_change_exemption($1) role_transition $2 kerneloops_initrc_exec_t system_r; allow $2 system_r; files_search_tmp($1) admin_pattern($1, kerneloops_tmp_t) ')