diff options
Diffstat (limited to 'policy/modules/contrib/openvswitch.te')
| -rw-r--r-- | policy/modules/contrib/openvswitch.te | 89 |
1 files changed, 0 insertions, 89 deletions
diff --git a/policy/modules/contrib/openvswitch.te b/policy/modules/contrib/openvswitch.te deleted file mode 100644 index 508fedf21..000000000 --- a/policy/modules/contrib/openvswitch.te +++ /dev/null @@ -1,89 +0,0 @@ -policy_module(openvswitch, 1.0.1) - -######################################## -# -# Declarations -# - -type openvswitch_t; -type openvswitch_exec_t; -init_daemon_domain(openvswitch_t, openvswitch_exec_t) - -type openvswitch_initrc_exec_t; -init_script_file(openvswitch_initrc_exec_t) - -type openvswitch_conf_t; -files_config_file(openvswitch_conf_t) - -type openvswitch_var_lib_t; -files_type(openvswitch_var_lib_t) - -type openvswitch_log_t; -logging_log_file(openvswitch_log_t) - -type openvswitch_var_run_t; -files_pid_file(openvswitch_var_run_t) - -######################################## -# -# Local policy -# - -allow openvswitch_t self:capability { net_admin sys_nice sys_resource ipc_lock }; -allow openvswitch_t self:process { setrlimit setsched signal }; -allow openvswitch_t self:fifo_file rw_fifo_file_perms; -allow openvswitch_t self:rawip_socket create_socket_perms; -allow openvswitch_t self:unix_stream_socket { accept connectto listen }; - -manage_dirs_pattern(openvswitch_t, openvswitch_conf_t, openvswitch_conf_t) -manage_files_pattern(openvswitch_t, openvswitch_conf_t, openvswitch_conf_t) -manage_lnk_files_pattern(openvswitch_t, openvswitch_conf_t, openvswitch_conf_t) - -manage_dirs_pattern(openvswitch_t, openvswitch_var_lib_t, openvswitch_var_lib_t) -manage_files_pattern(openvswitch_t, openvswitch_var_lib_t, openvswitch_var_lib_t) -manage_lnk_files_pattern(openvswitch_t, openvswitch_var_lib_t, openvswitch_var_lib_t) -files_var_lib_filetrans(openvswitch_t, openvswitch_var_lib_t, { dir file lnk_file }) - -manage_dirs_pattern(openvswitch_t, openvswitch_log_t, openvswitch_log_t) -append_files_pattern(openvswitch_t, openvswitch_log_t, openvswitch_log_t) -create_files_pattern(openvswitch_t, openvswitch_log_t, openvswitch_log_t) -setattr_files_pattern(openvswitch_t, openvswitch_log_t, openvswitch_log_t) -manage_lnk_files_pattern(openvswitch_t, openvswitch_log_t, openvswitch_log_t) -logging_log_filetrans(openvswitch_t, openvswitch_log_t, { dir file lnk_file }) - -manage_dirs_pattern(openvswitch_t, openvswitch_var_run_t, openvswitch_var_run_t) -manage_files_pattern(openvswitch_t, openvswitch_var_run_t, openvswitch_var_run_t) -manage_sock_files_pattern(openvswitch_t, openvswitch_var_run_t, openvswitch_var_run_t) -manage_lnk_files_pattern(openvswitch_t, openvswitch_var_run_t, openvswitch_var_run_t) -files_pid_filetrans(openvswitch_t, openvswitch_var_run_t, { dir file lnk_file }) - -can_exec(openvswitch_t, openvswitch_exec_t) - -kernel_read_network_state(openvswitch_t) -kernel_read_system_state(openvswitch_t) - -corenet_all_recvfrom_unlabeled(openvswitch_t) -corenet_all_recvfrom_netlabel(openvswitch_t) -corenet_raw_sendrecv_generic_if(openvswitch_t) -corenet_raw_sendrecv_generic_node(openvswitch_t) - -corecmd_exec_bin(openvswitch_t) - -dev_read_urand(openvswitch_t) - -domain_use_interactive_fds(openvswitch_t) - -files_read_etc_files(openvswitch_t) - -fs_getattr_all_fs(openvswitch_t) -fs_search_cgroup_dirs(openvswitch_t) - -logging_send_syslog_msg(openvswitch_t) - -miscfiles_read_localization(openvswitch_t) - -sysnet_dns_name_resolve(openvswitch_t) - -optional_policy(` - iptables_domtrans(openvswitch_t) -') |