diff options
Diffstat (limited to 'policy/modules/contrib/dhcp.te')
-rw-r--r-- | policy/modules/contrib/dhcp.te | 131 |
1 files changed, 0 insertions, 131 deletions
diff --git a/policy/modules/contrib/dhcp.te b/policy/modules/contrib/dhcp.te deleted file mode 100644 index c93c3db5f..000000000 --- a/policy/modules/contrib/dhcp.te +++ /dev/null @@ -1,131 +0,0 @@ -policy_module(dhcp, 1.10.1) - -######################################## -# -# Declarations -# - -## <desc> -## <p> -## Determine whether DHCP daemon -## can use LDAP backends. -## </p> -## </desc> -gen_tunable(dhcpd_use_ldap, false) - -type dhcpd_t; -type dhcpd_exec_t; -init_daemon_domain(dhcpd_t, dhcpd_exec_t) - -type dhcpd_initrc_exec_t; -init_script_file(dhcpd_initrc_exec_t) - -type dhcpd_state_t; -files_type(dhcpd_state_t) - -type dhcpd_tmp_t; -files_tmp_file(dhcpd_tmp_t) - -type dhcpd_var_run_t; -files_pid_file(dhcpd_var_run_t) - -######################################## -# -# Local policy -# - -allow dhcpd_t self:capability { chown dac_override sys_chroot net_raw setgid setuid sys_resource }; -dontaudit dhcpd_t self:capability { net_admin sys_tty_config }; -allow dhcpd_t self:process { getcap setcap signal_perms }; -allow dhcpd_t self:fifo_file rw_fifo_file_perms; -allow dhcpd_t self:tcp_socket { accept listen }; -allow dhcpd_t self:packet_socket create_socket_perms; -allow dhcpd_t self:rawip_socket create_socket_perms; - -manage_files_pattern(dhcpd_t, dhcpd_state_t, dhcpd_state_t) -sysnet_dhcp_state_filetrans(dhcpd_t, dhcpd_state_t, file) - -manage_dirs_pattern(dhcpd_t, dhcpd_tmp_t, dhcpd_tmp_t) -manage_files_pattern(dhcpd_t, dhcpd_tmp_t, dhcpd_tmp_t) -files_tmp_filetrans(dhcpd_t, dhcpd_tmp_t, { dir file }) - -manage_files_pattern(dhcpd_t, dhcpd_var_run_t, dhcpd_var_run_t) -files_pid_filetrans(dhcpd_t, dhcpd_var_run_t, file) - -can_exec(dhcpd_t, dhcpd_exec_t) - -kernel_read_system_state(dhcpd_t) -kernel_read_kernel_sysctls(dhcpd_t) -kernel_read_network_state(dhcpd_t) - -corenet_all_recvfrom_unlabeled(dhcpd_t) -corenet_all_recvfrom_netlabel(dhcpd_t) -corenet_tcp_sendrecv_generic_if(dhcpd_t) -corenet_udp_sendrecv_generic_if(dhcpd_t) -corenet_raw_sendrecv_generic_if(dhcpd_t) -corenet_tcp_sendrecv_generic_node(dhcpd_t) -corenet_udp_sendrecv_generic_node(dhcpd_t) -corenet_raw_sendrecv_generic_node(dhcpd_t) -corenet_tcp_sendrecv_all_ports(dhcpd_t) -corenet_udp_sendrecv_all_ports(dhcpd_t) -corenet_tcp_bind_generic_node(dhcpd_t) -corenet_udp_bind_generic_node(dhcpd_t) - -corenet_sendrecv_dhcpd_server_packets(dhcpd_t) -corenet_tcp_bind_dhcpd_port(dhcpd_t) -corenet_udp_bind_dhcpd_port(dhcpd_t) - -corenet_sendrecv_pxe_server_packets(dhcpd_t) -corenet_udp_bind_pxe_port(dhcpd_t) - -corenet_sendrecv_all_client_packets(dhcpd_t) -corenet_tcp_connect_all_ports(dhcpd_t) - -corenet_udp_bind_all_unreserved_ports(dhcpd_t) - -corecmd_exec_bin(dhcpd_t) - -dev_read_sysfs(dhcpd_t) -dev_read_rand(dhcpd_t) -dev_read_urand(dhcpd_t) - -fs_getattr_all_fs(dhcpd_t) -fs_search_auto_mountpoints(dhcpd_t) - -domain_use_interactive_fds(dhcpd_t) - -files_read_usr_files(dhcpd_t) -files_read_etc_runtime_files(dhcpd_t) -files_search_var_lib(dhcpd_t) - -auth_use_nsswitch(dhcpd_t) - -logging_send_syslog_msg(dhcpd_t) - -miscfiles_read_localization(dhcpd_t) - -sysnet_read_dhcp_config(dhcpd_t) - -userdom_dontaudit_use_unpriv_user_fds(dhcpd_t) -userdom_dontaudit_search_user_home_dirs(dhcpd_t) - -tunable_policy(`dhcpd_use_ldap',` - sysnet_use_ldap(dhcpd_t) -') - -optional_policy(` - bind_read_dnssec_keys(dhcpd_t) -') - -optional_policy(` - dbus_system_bus_client(dhcpd_t) - dbus_connect_system_bus(dhcpd_t) -') - -optional_policy(` - seutil_sigchld_newrole(dhcpd_t) -') - -optional_policy(` - udev_read_db(dhcpd_t) -') |