82 lines
2.4 KiB
Text
82 lines
2.4 KiB
Text
policy_module(freeipmi, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
attribute freeipmi_domain;
|
|
attribute freeipmi_pid;
|
|
|
|
freeipmi_domain_template(ipmidetectd)
|
|
freeipmi_domain_template(ipmiseld)
|
|
freeipmi_domain_template(bmc_watchdog)
|
|
|
|
type freeipmi_var_lib_t;
|
|
files_type(freeipmi_var_lib_t)
|
|
|
|
type freeipmi_var_cache_t;
|
|
files_type(freeipmi_var_cache_t)
|
|
|
|
########################################
|
|
#
|
|
# freeipmi_domain local policy
|
|
#
|
|
|
|
allow freeipmi_domain self:fifo_file rw_fifo_file_perms;
|
|
allow freeipmi_domain self:unix_stream_socket create_stream_socket_perms;
|
|
allow freeipmi_domain self:sem create_sem_perms;
|
|
|
|
manage_dirs_pattern(freeipmi_domain, freeipmi_var_cache_t, freeipmi_var_cache_t)
|
|
manage_files_pattern(freeipmi_domain, freeipmi_var_cache_t, freeipmi_var_cache_t)
|
|
manage_lnk_files_pattern(freeipmi_domain, freeipmi_var_cache_t, freeipmi_var_cache_t)
|
|
files_var_filetrans(freeipmi_domain, freeipmi_var_cache_t, { dir })
|
|
allow freeipmi_domain freeipmi_var_cache_t:file map;
|
|
|
|
manage_dirs_pattern(freeipmi_domain, freeipmi_var_lib_t, freeipmi_var_lib_t)
|
|
manage_files_pattern(freeipmi_domain, freeipmi_var_lib_t, freeipmi_var_lib_t)
|
|
manage_lnk_files_pattern(freeipmi_domain, freeipmi_var_lib_t, freeipmi_var_lib_t)
|
|
files_var_lib_filetrans(freeipmi_domain, freeipmi_var_lib_t, { dir })
|
|
|
|
dev_read_rand(freeipmi_domain)
|
|
dev_read_urand(freeipmi_domain)
|
|
dev_rw_ipmi_dev(freeipmi_domain)
|
|
dev_read_sysfs(freeipmi_domain)
|
|
dev_map_sysfs(freeipmi_domain)
|
|
|
|
sysnet_dns_name_resolve(freeipmi_domain)
|
|
|
|
#######################################
|
|
#
|
|
# bmc-watchdog local policy
|
|
#
|
|
|
|
allow freeipmi_bmc_watchdog_t freeipmi_ipmiseld_t:sem rw_sem_perms;
|
|
|
|
files_pid_filetrans(freeipmi_bmc_watchdog_t, freeipmi_bmc_watchdog_var_run_t, file, "bmc-watchdog.pid")
|
|
|
|
dev_read_raw_memory(freeipmi_bmc_watchdog_t)
|
|
|
|
#######################################
|
|
#
|
|
# ipmidetectd local policy
|
|
#
|
|
|
|
allow freeipmi_ipmidetectd_t self:tcp_socket listen;
|
|
|
|
files_pid_filetrans(freeipmi_ipmidetectd_t, freeipmi_ipmidetectd_var_run_t, file, "ipmidetectd.pid")
|
|
|
|
corenet_tcp_bind_freeipmi_port(freeipmi_ipmidetectd_t)
|
|
|
|
#######################################
|
|
#
|
|
# ipmiseld local policy
|
|
#
|
|
|
|
allow freeipmi_ipmiseld_t self:capability sys_rawio;
|
|
|
|
allow freeipmi_ipmiseld_t freeipmi_bmc_watchdog_t:sem rw_sem_perms;
|
|
|
|
dev_read_raw_memory(freeipmi_ipmiseld_t)
|
|
|
|
files_pid_filetrans(freeipmi_ipmiseld_t, freeipmi_ipmiseld_var_run_t, file, "ipmiseld.pid")
|