Oreon-Lime-R2/selinux-policy/selinux-policy-d9f4a2b/selinux-policy-d9f4a2bbeb91fd95d0c35a90936efb9ea99d2455/policy/modules/contrib/mon_statd.te

77 lines
1.7 KiB
Text

policy_module(mon_statd, 1.0.0)
########################################
#
# Declarations
#
attribute mon_statd_domain;
type mon_statd_t, mon_statd_domain;
type mon_statd_exec_t;
init_daemon_domain(mon_statd_t, mon_statd_exec_t)
type mon_procd_t, mon_statd_domain;
type mon_procd_exec_t;
init_daemon_domain(mon_procd_t, mon_procd_exec_t)
type mon_statd_initrc_exec_t;
init_script_file(mon_statd_initrc_exec_t)
type mon_statd_var_run_t;
files_pid_file(mon_statd_var_run_t)
########################################
#
# mon_statd domain policy
#
manage_files_pattern(mon_statd_domain, mon_statd_var_run_t, mon_statd_var_run_t)
files_pid_filetrans(mon_statd_domain, mon_statd_var_run_t, file)
domain_read_all_domains_state(mon_statd_domain)
dev_rw_monitor_dev(mon_statd_domain)
########################################
#
# mon_fstatd local policy
#
allow mon_statd_t self:process { fork signal };
allow mon_statd_t self:fifo_file rw_fifo_file_perms;
allow mon_statd_t self:unix_stream_socket create_stream_socket_perms;
allow mon_statd_t self:unix_dgram_socket create_socket_perms;
kernel_dgram_send(mon_statd_t)
kernel_read_fs_sysctls(mon_statd_t)
fs_getattr_all_fs(mon_statd_t)
fs_getattr_all_dirs(mon_statd_t)
fs_search_cgroup_dirs(mon_statd_t)
logging_send_syslog_msg(mon_statd_t)
optional_policy(`
rpc_read_nfs_state_data(mon_statd_t)
')
########################################
#
# mon_procd local policy
#
allow mon_procd_t self:capability sys_ptrace;
allow mon_procd_t self:cap_userns sys_ptrace;
allow mon_procd_t self:unix_dgram_socket { create connect };
auth_read_passwd(mon_procd_t)
kernel_dgram_send(mon_procd_t)
kernel_read_system_state(mon_procd_t)
init_read_utmp(mon_procd_t)
logging_send_syslog_msg(mon_procd_t)