Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/logwatch.te
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/logwatch.te')
-rw-r--r--policy/modules/contrib/logwatch.te169
1 files changed, 0 insertions, 169 deletions
diff --git a/policy/modules/contrib/logwatch.te b/policy/modules/contrib/logwatch.te
deleted file mode 100644
index 4256a4c8c..000000000
--- a/policy/modules/contrib/logwatch.te
+++ /dev/null
@@ -1,169 +0,0 @@
-policy_module(logwatch, 1.11.6)
-
-#################################
-#
-# Declarations
-#
-
-type logwatch_t;
-type logwatch_exec_t;
-init_system_domain(logwatch_t, logwatch_exec_t)
-
-type logwatch_cache_t;
-files_type(logwatch_cache_t)
-
-type logwatch_lock_t;
-files_lock_file(logwatch_lock_t)
-
-type logwatch_tmp_t;
-files_tmp_file(logwatch_tmp_t)
-
-type logwatch_var_run_t;
-files_pid_file(logwatch_var_run_t)
-
-mta_base_mail_template(logwatch)
-role system_r types logwatch_mail_t;
-
-########################################
-#
-# Local policy
-#
-
-allow logwatch_t self:capability { dac_override dac_read_search setgid };
-allow logwatch_t self:process signal;
-allow logwatch_t self:fifo_file rw_fifo_file_perms;
-allow logwatch_t self:unix_stream_socket { accept listen };
-
-manage_dirs_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
-manage_files_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
-
-allow logwatch_t logwatch_lock_t:file manage_file_perms;
-files_lock_filetrans(logwatch_t, logwatch_lock_t, file)
-
-manage_dirs_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
-manage_files_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
-files_tmp_filetrans(logwatch_t, logwatch_tmp_t, { file dir })
-
-allow logwatch_t logwatch_var_run_t:file manage_file_perms;
-files_pid_filetrans(logwatch_t, logwatch_var_run_t, file)
-
-kernel_read_fs_sysctls(logwatch_t)
-kernel_read_kernel_sysctls(logwatch_t)
-kernel_read_system_state(logwatch_t)
-kernel_read_net_sysctls(logwatch_t)
-kernel_read_network_state(logwatch_t)
-
-corecmd_exec_bin(logwatch_t)
-corecmd_exec_shell(logwatch_t)
-
-dev_read_urand(logwatch_t)
-dev_read_sysfs(logwatch_t)
-
-domain_read_all_domains_state(logwatch_t)
-
-files_getattr_all_files(logwatch_t)
-files_getattr_all_file_type_fs(logwatch_t)
-files_list_var(logwatch_t)
-files_search_all(logwatch_t)
-files_read_var_symlinks(logwatch_t)
-files_read_etc_runtime_files(logwatch_t)
-files_read_usr_files(logwatch_t)
-
-fs_getattr_all_dirs(logwatch_t)
-fs_getattr_all_fs(logwatch_t)
-fs_dontaudit_list_auto_mountpoints(logwatch_t)
-fs_list_inotifyfs(logwatch_t)
-
-storage_dontaudit_getattr_fixed_disk_dev(logwatch_t)
-
-mls_file_read_to_clearance(logwatch_t)
-
-term_dontaudit_getattr_pty_dirs(logwatch_t)
-term_dontaudit_list_ptys(logwatch_t)
-
-auth_use_nsswitch(logwatch_t)
-auth_dontaudit_read_shadow(logwatch_t)
-
-init_read_utmp(logwatch_t)
-init_dontaudit_write_utmp(logwatch_t)
-
-libs_read_lib_files(logwatch_t)
-
-logging_read_all_logs(logwatch_t)
-logging_send_syslog_msg(logwatch_t)
-
-miscfiles_read_localization(logwatch_t)
-
-selinux_dontaudit_getattr_dir(logwatch_t)
-
-sysnet_exec_ifconfig(logwatch_t)
-
-userdom_dontaudit_search_user_home_dirs(logwatch_t)
-
-mta_sendmail_domtrans(logwatch_t, logwatch_mail_t)
-mta_getattr_spool(logwatch_t)
-
-tunable_policy(`use_nfs_home_dirs',`
- fs_list_nfs(logwatch_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
- fs_list_cifs(logwatch_t)
-')
-
-optional_policy(`
- apache_read_log(logwatch_t)
-')
-
-optional_policy(`
- avahi_dontaudit_search_pid(logwatch_t)
-')
-
-optional_policy(`
- bind_read_config(logwatch_t)
- bind_read_zone(logwatch_t)
-')
-
-optional_policy(`
- cron_system_entry(logwatch_t, logwatch_exec_t)
-')
-
-optional_policy(`
- hostname_exec(logwatch_t)
-')
-
-optional_policy(`
- ntp_domtrans(logwatch_t)
-')
-
-optional_policy(`
- rpc_search_nfs_state_data(logwatch_t)
-')
-
-optional_policy(`
- samba_read_log(logwatch_t)
- samba_read_share_files(logwatch_t)
-')
-
-########################################
-#
-# Mail local policy
-#
-
-allow logwatch_mail_t self:capability { dac_read_search dac_override };
-
-allow logwatch_mail_t logwatch_t:fd use;
-allow logwatch_mail_t logwatch_t:fifo_file rw_fifo_file_perms;
-allow logwatch_mail_t logwatch_t:process sigchld;
-
-manage_files_pattern(logwatch_mail_t, logwatch_tmp_t, logwatch_tmp_t)
-
-dev_read_rand(logwatch_mail_t)
-dev_read_urand(logwatch_mail_t)
-dev_read_sysfs(logwatch_mail_t)
-
-logging_read_all_logs(logwatch_mail_t)
-
-optional_policy(`
- cron_use_system_job_fds(logwatch_mail_t)
-')