Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/calamaris.te
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/calamaris.te')
-rw-r--r--policy/modules/contrib/calamaris.te83
1 files changed, 83 insertions, 0 deletions
diff --git a/policy/modules/contrib/calamaris.te b/policy/modules/contrib/calamaris.te
new file mode 100644
index 00000000..b13fb66c
--- /dev/null
+++ b/policy/modules/contrib/calamaris.te
@@ -0,0 +1,83 @@
+policy_module(calamaris, 1.7.0)
+
+########################################
+#
+# Declarations
+#
+
+type calamaris_t;
+type calamaris_exec_t;
+init_system_domain(calamaris_t, calamaris_exec_t)
+
+type calamaris_www_t;
+files_type(calamaris_www_t)
+
+type calamaris_log_t;
+logging_log_file(calamaris_log_t)
+
+########################################
+#
+# Local policy
+#
+
+# for when squid has a different UID
+allow calamaris_t self:capability dac_override;
+allow calamaris_t self:process { fork signal_perms setsched };
+allow calamaris_t self:fifo_file rw_fifo_file_perms;
+allow calamaris_t self:unix_stream_socket create_stream_socket_perms;
+allow calamaris_t self:tcp_socket create_stream_socket_perms;
+allow calamaris_t self:udp_socket create_socket_perms;
+
+manage_files_pattern(calamaris_t, calamaris_www_t, calamaris_www_t)
+manage_lnk_files_pattern(calamaris_t, calamaris_www_t, calamaris_www_t)
+
+manage_files_pattern(calamaris_t, calamaris_log_t, calamaris_log_t)
+logging_log_filetrans(calamaris_t, calamaris_log_t, { file dir })
+
+kernel_read_all_sysctls(calamaris_t)
+kernel_read_system_state(calamaris_t)
+
+corecmd_exec_bin(calamaris_t)
+
+corenet_all_recvfrom_unlabeled(calamaris_t)
+corenet_all_recvfrom_netlabel(calamaris_t)
+corenet_tcp_sendrecv_generic_if(calamaris_t)
+corenet_udp_sendrecv_generic_if(calamaris_t)
+corenet_tcp_sendrecv_generic_node(calamaris_t)
+corenet_udp_sendrecv_generic_node(calamaris_t)
+corenet_tcp_sendrecv_all_ports(calamaris_t)
+corenet_udp_sendrecv_all_ports(calamaris_t)
+
+dev_read_urand(calamaris_t)
+
+files_search_pids(calamaris_t)
+files_read_etc_files(calamaris_t)
+files_read_usr_files(calamaris_t)
+files_read_var_files(calamaris_t)
+files_read_etc_runtime_files(calamaris_t)
+
+libs_read_lib_files(calamaris_t)
+
+auth_use_nsswitch(calamaris_t)
+
+logging_send_syslog_msg(calamaris_t)
+
+miscfiles_read_localization(calamaris_t)
+
+userdom_dontaudit_list_user_home_dirs(calamaris_t)
+
+optional_policy(`
+ apache_search_sys_content(calamaris_t)
+')
+
+optional_policy(`
+ cron_system_entry(calamaris_t, calamaris_exec_t)
+')
+
+optional_policy(`
+ mta_send_mail(calamaris_t)
+')
+
+optional_policy(`
+ squid_read_log(calamaris_t)
+')