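policy_module(afterburn, 1.0.0)

########################################
#
# Declarations
#

# Process domain and entry-point executable type for the afterburn service.
# init_daemon_domain() sets afterburn_t up as a daemon domain that init enters
# when it executes a file labelled afterburn_exec_t.
type afterburn_t;
type afterburn_exec_t;
init_daemon_domain(afterburn_t, afterburn_exec_t)

# Label for the systemd unit file(s) that start the service.
type afterburn_unit_file_t;
systemd_unit_file(afterburn_unit_file_t)

# NOTE(review): afterburn_t is declared permissive. Access that the policy
# would deny is logged as an AVC message and then allowed, so the allow rules
# in this module describe intent but do not confine the process. Keep this
# statement only while collecting denials, and remove it once the audit log
# is clean so that the domain is actually enforced.
permissive afterburn_t;
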
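########################################
#
# afterburn local policy
#

# setuid and setgid let the process change its user and group identity.
# NOTE(review): sys_admin is a very broad capability that covers many
# unrelated privileged operations. Nothing in this file shows which operation
# needs it - check the recorded denials and drop it if it is not required.
allow afterburn_t self:capability { setgid setuid sys_admin };
# Creating child processes and changing process groups within the domain.
allow afterburn_t self:process { fork setpgid };
# Pipes shared between processes of this domain.
allow afterburn_t self:fifo_file rw_fifo_file_perms;
# UNIX datagram sockets owned by the domain itself
# (presumably used for logging - TODO confirm).
allow afterburn_t self:unix_dgram_socket create_socket_perms;
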
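# Send messages to UNIX datagram sockets owned by the kernel domain.
kernel_dgram_send(afterburn_t)
# NOTE(review): judging by its name this grants read access to everything
# under /proc, including entries of other processes. Confirm what the service
# actually reads and prefer a narrower kernel_read_* interface if one fits.
kernel_read_all_proc(afterburn_t)

# Outbound TCP connections to ports carrying the HTTP port label. This is the
# only network port rule visible in this file.
corenet_tcp_connect_http_port(afterburn_t)

# Inherit and use file descriptors passed in from interactive domains.
domain_use_interactive_fds(afterburn_t)

# Read generic configuration files under /etc.
files_read_etc_files(afterburn_t)
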
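# Each block below is applied only when the module that provides the called
# interface is present in the policy. Comments are kept outside the quoted
# m4 arguments on purpose: a quote character inside them would end the
# argument early.

# User, group and host lookups through nsswitch.
optional_policy(`
	auth_use_nsswitch(afterburn_t)
')

# Logging to the syslog socket (exact socket path depends on the interface
# definition - TODO confirm).
optional_policy(`
	logging_write_syslog_pid_socket(afterburn_t)
')

# Read locale and timezone data.
optional_policy(`
	miscfiles_read_localization(afterburn_t)
')

# Exchange D-Bus messages with NetworkManager.
optional_policy(`
	networkmanager_dbus_chat(afterburn_t)
')

# NOTE(review): by its name this lets files the domain creates in home
# directories receive SSH content labels, which suggests the service writes
# SSH key material - confirm against the interface definition. Creation of
# such files by this domain is worth auditing because it changes who can log
# in to the host.
optional_policy(`
	ssh_filetrans_home_content(afterburn_t)
')

# DNS name resolution.
optional_policy(`
	sysnet_dns_name_resolve(afterburn_t)
')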