46 lines
1.4 KiB
Text
46 lines
1.4 KiB
Text
policy_module(keyutils, 1.0)
|
|
|
|
type keyutils_request_exec_t;
|
|
files_type(keyutils_request_exec_t)
|
|
|
|
type keyutils_dns_resolver_exec_t;
|
|
files_type(keyutils_dns_resolver_exec_t)
|
|
|
|
type keyutils_request_t;
|
|
domain_type(keyutils_request_t)
|
|
domain_entry_file(keyutils_request_t, keyutils_request_exec_t)
|
|
role system_r types keyutils_request_t;
|
|
|
|
type keyutils_dns_resolver_t;
|
|
domain_type(keyutils_dns_resolver_t)
|
|
domain_entry_file(keyutils_dns_resolver_t, keyutils_dns_resolver_exec_t)
|
|
role system_r types keyutils_dns_resolver_t;
|
|
|
|
### policy for the keyutils_request_t domain
|
|
allow keyutils_request_t self:unix_dgram_socket create_socket_perms;
|
|
|
|
domain_read_view_all_domains_keyrings(keyutils_request_t)
|
|
|
|
optional_policy(`
|
|
init_search_pid_dirs(keyutils_request_t)
|
|
logging_send_syslog_msg(keyutils_request_t)
|
|
')
|
|
|
|
### policy for the keyutils_dns_resolver_t domain
|
|
can_exec(keyutils_dns_resolver_t, keyutils_dns_resolver_exec_t)
|
|
|
|
domtrans_pattern(keyutils_request_t, keyutils_dns_resolver_exec_t, keyutils_dns_resolver_t)
|
|
|
|
allow keyutils_dns_resolver_t self:netlink_route_socket r_netlink_socket_perms;
|
|
allow keyutils_dns_resolver_t self:udp_socket create_socket_perms;
|
|
allow keyutils_dns_resolver_t self:unix_dgram_socket create_socket_perms;
|
|
|
|
kernel_read_key(keyutils_dns_resolver_t)
|
|
kernel_view_key(keyutils_dns_resolver_t)
|
|
|
|
init_search_pid_dirs(keyutils_dns_resolver_t)
|
|
sysnet_read_config(keyutils_dns_resolver_t)
|
|
|
|
optional_policy(`
|
|
avahi_stream_connect(keyutils_dns_resolver_t)
|
|
')
|