diff options
Diffstat (limited to 'policy/modules/contrib/clogd.te')
| -rw-r--r-- | policy/modules/contrib/clogd.te | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/policy/modules/contrib/clogd.te b/policy/modules/contrib/clogd.te new file mode 100644 index 00000000..60773390 --- /dev/null +++ b/policy/modules/contrib/clogd.te @@ -0,0 +1,54 @@ +policy_module(clogd, 1.0.0) + +######################################## +# +# Declarations +# + +type clogd_t; +type clogd_exec_t; +init_daemon_domain(clogd_t, clogd_exec_t) + +type clogd_tmpfs_t; +files_tmpfs_file(clogd_tmpfs_t) + +# pid files +type clogd_var_run_t; +files_pid_file(clogd_var_run_t) + +######################################## +# +# clogd local policy +# + +allow clogd_t self:capability { net_admin mknod }; +allow clogd_t self:process signal; + +allow clogd_t self:sem create_sem_perms; +allow clogd_t self:shm create_shm_perms; +allow clogd_t self:netlink_socket create_socket_perms; +allow clogd_t self:unix_dgram_socket create_socket_perms; + +manage_dirs_pattern(clogd_t, clogd_tmpfs_t, clogd_tmpfs_t) +manage_files_pattern(clogd_t, clogd_tmpfs_t, clogd_tmpfs_t) +fs_tmpfs_filetrans(clogd_t, clogd_tmpfs_t, { dir file }) + +# pid files +manage_files_pattern(clogd_t, clogd_var_run_t, clogd_var_run_t) +manage_sock_files_pattern(clogd_t, clogd_var_run_t, clogd_var_run_t) +files_pid_filetrans(clogd_t, clogd_var_run_t, { file }) + +dev_read_lvm_control(clogd_t) +dev_manage_generic_blk_files(clogd_t) + +storage_raw_read_fixed_disk(clogd_t) +storage_raw_write_fixed_disk(clogd_t) + +logging_send_syslog_msg(clogd_t) + +miscfiles_read_localization(clogd_t) + +optional_policy(` + aisexec_stream_connect(clogd_t) + corosync_stream_connect(clogd_t) +') |