diff options
Diffstat (limited to 'policy/modules/contrib/shorewall.te')
-rw-r--r-- | policy/modules/contrib/shorewall.te | 114 |
1 files changed, 0 insertions, 114 deletions
diff --git a/policy/modules/contrib/shorewall.te b/policy/modules/contrib/shorewall.te deleted file mode 100644 index ca03de614..000000000 --- a/policy/modules/contrib/shorewall.te +++ /dev/null @@ -1,114 +0,0 @@ -policy_module(shorewall, 1.3.5) - -######################################## -# -# Declarations -# - -type shorewall_t; -type shorewall_exec_t; -init_daemon_domain(shorewall_t, shorewall_exec_t) - -type shorewall_initrc_exec_t; -init_script_file(shorewall_initrc_exec_t) - -type shorewall_etc_t; -files_config_file(shorewall_etc_t) - -type shorewall_lock_t; -files_lock_file(shorewall_lock_t) - -type shorewall_tmp_t; -files_tmp_file(shorewall_tmp_t) - -type shorewall_var_lib_t; -domain_entry_file(shorewall_t, shorewall_var_lib_t) - -type shorewall_log_t; -logging_log_file(shorewall_log_t) - -######################################## -# -# Local policy -# - -allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice sys_admin }; -dontaudit shorewall_t self:capability sys_tty_config; -allow shorewall_t self:fifo_file rw_fifo_file_perms; -allow shorewall_t self:netlink_socket create_socket_perms; - -read_files_pattern(shorewall_t, shorewall_etc_t, shorewall_etc_t) -list_dirs_pattern(shorewall_t, shorewall_etc_t, shorewall_etc_t) - -manage_files_pattern(shorewall_t, shorewall_lock_t, shorewall_lock_t) -files_lock_filetrans(shorewall_t, shorewall_lock_t, file) - -manage_dirs_pattern(shorewall_t, shorewall_log_t, shorewall_log_t) -append_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t) -create_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t) -setattr_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t) -logging_log_filetrans(shorewall_t, shorewall_log_t, { file dir }) - -manage_dirs_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t) -manage_files_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t) -files_tmp_filetrans(shorewall_t, shorewall_tmp_t, { file dir }) - -exec_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t) -manage_dirs_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t) -manage_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t) -files_var_lib_filetrans(shorewall_t, shorewall_var_lib_t, { dir file }) - -allow shorewall_t shorewall_initrc_exec_t:file read_file_perms; - -kernel_read_kernel_sysctls(shorewall_t) -kernel_read_network_state(shorewall_t) -kernel_read_system_state(shorewall_t) -kernel_rw_net_sysctls(shorewall_t) - -corecmd_exec_bin(shorewall_t) -corecmd_exec_shell(shorewall_t) - -dev_read_sysfs(shorewall_t) -dev_read_urand(shorewall_t) - -domain_read_all_domains_state(shorewall_t) - -files_getattr_kernel_modules(shorewall_t) -files_read_usr_files(shorewall_t) -files_search_kernel_modules(shorewall_t) - -fs_getattr_all_fs(shorewall_t) - -auth_use_nsswitch(shorewall_t) - -init_rw_utmp(shorewall_t) - -logging_read_generic_logs(shorewall_t) -logging_send_syslog_msg(shorewall_t) - -miscfiles_read_localization(shorewall_t) - -sysnet_domtrans_ifconfig(shorewall_t) - -userdom_dontaudit_list_user_home_dirs(shorewall_t) -userdom_use_user_terminals(shorewall_t) - -optional_policy(` - brctl_domtrans(shorewall_t) -') - -optional_policy(` - hostname_exec(shorewall_t) -') - -optional_policy(` - iptables_domtrans(shorewall_t) -') - -optional_policy(` - modutils_domtrans_insmod(shorewall_t) -') - -optional_policy(` - ulogd_search_log(shorewall_t) -') |