diff options
Diffstat (limited to 'policy/modules/contrib/certmaster.te')
-rw-r--r-- | policy/modules/contrib/certmaster.te | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/policy/modules/contrib/certmaster.te b/policy/modules/contrib/certmaster.te deleted file mode 100644 index bf82163b4..000000000 --- a/policy/modules/contrib/certmaster.te +++ /dev/null @@ -1,75 +0,0 @@ -policy_module(certmaster, 1.2.1) - -######################################## -# -# Declarations -# - -type certmaster_t; -type certmaster_exec_t; -init_daemon_domain(certmaster_t, certmaster_exec_t) - -type certmaster_initrc_exec_t; -init_script_file(certmaster_initrc_exec_t) - -type certmaster_etc_rw_t; -files_type(certmaster_etc_rw_t) - -type certmaster_var_lib_t; -files_type(certmaster_var_lib_t) - -type certmaster_var_log_t; -logging_log_file(certmaster_var_log_t) - -type certmaster_var_run_t; -files_pid_file(certmaster_var_run_t) - -########################################### -# -# Local policy -# - -allow certmaster_t self:capability { dac_read_search dac_override sys_tty_config }; -allow certmaster_t self:tcp_socket { accept listen }; - -list_dirs_pattern(certmaster_t, certmaster_etc_rw_t, certmaster_etc_rw_t) -manage_files_pattern(certmaster_t, certmaster_etc_rw_t, certmaster_etc_rw_t) - -manage_files_pattern(certmaster_t, certmaster_var_lib_t, certmaster_var_lib_t) -manage_dirs_pattern(certmaster_t, certmaster_var_lib_t, certmaster_var_lib_t) -files_var_lib_filetrans(certmaster_t, certmaster_var_lib_t, { dir file }) - -append_files_pattern(certmaster_t, certmaster_var_log_t, certmaster_var_log_t) -create_files_pattern(certmaster_t, certmaster_var_log_t, certmaster_var_log_t) -setattr_files_pattern(certmaster_t, certmaster_var_log_t, certmaster_var_log_t) -logging_log_filetrans(certmaster_t, certmaster_var_log_t, file ) - -manage_files_pattern(certmaster_t, certmaster_var_run_t, certmaster_var_run_t) -manage_sock_files_pattern(certmaster_t, certmaster_var_run_t, certmaster_var_run_t) -files_pid_filetrans(certmaster_t ,certmaster_var_run_t, { file sock_file }) - -kernel_read_system_state(certmaster_t) - -corecmd_exec_bin(certmaster_t) - -corenet_all_recvfrom_unlabeled(certmaster_t) -corenet_all_recvfrom_netlabel(certmaster_t) -corenet_tcp_sendrecv_generic_if(certmaster_t) -corenet_tcp_sendrecv_generic_node(certmaster_t) -corenet_tcp_bind_generic_node(certmaster_t) - -corenet_sendrecv_certmaster_server_packets(certmaster_t) -corenet_tcp_bind_certmaster_port(certmaster_t) -corenet_tcp_sendrecv_certmaster_port(certmaster_t) - -dev_read_urand(certmaster_t) - -files_list_var(certmaster_t) -files_search_etc(certmaster_t) -files_read_usr_files(certmaster_t) - -auth_use_nsswitch(certmaster_t) - -miscfiles_read_localization(certmaster_t) -miscfiles_manage_generic_cert_dirs(certmaster_t) -miscfiles_manage_generic_cert_files(certmaster_t) |