Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/denyhosts.te
blob: 8ba942504d25a1e06174a509b1c0ba1b7e009531 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

policy_module(denyhosts, 1.0.0)

########################################
#
# DenyHosts personal declarations.
#

type denyhosts_t;
type denyhosts_exec_t;
init_daemon_domain(denyhosts_t, denyhosts_exec_t)

type denyhosts_initrc_exec_t;
init_script_file(denyhosts_initrc_exec_t)

type denyhosts_var_lib_t;
files_type(denyhosts_var_lib_t)

type denyhosts_var_lock_t;
files_lock_file(denyhosts_var_lock_t)

type denyhosts_var_log_t;
logging_log_file(denyhosts_var_log_t)

########################################
#
# DenyHosts personal policy.
#

allow denyhosts_t self:netlink_route_socket create_netlink_socket_perms;
allow denyhosts_t self:tcp_socket create_socket_perms;
allow denyhosts_t self:udp_socket create_socket_perms;

manage_files_pattern(denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lib_t)
files_var_lib_filetrans(denyhosts_t, denyhosts_var_lib_t, file)

manage_dirs_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
manage_files_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
files_lock_filetrans(denyhosts_t, denyhosts_var_lock_t, { dir file })

append_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
create_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
read_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
setattr_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
logging_log_filetrans(denyhosts_t, denyhosts_var_log_t, file)

kernel_read_system_state(denyhosts_t)

corecmd_exec_bin(denyhosts_t)

corenet_all_recvfrom_unlabeled(denyhosts_t)
corenet_all_recvfrom_netlabel(denyhosts_t)
corenet_tcp_sendrecv_generic_if(denyhosts_t)
corenet_tcp_sendrecv_generic_node(denyhosts_t)
corenet_tcp_bind_generic_node(denyhosts_t)
corenet_tcp_connect_smtp_port(denyhosts_t)
corenet_sendrecv_smtp_client_packets(denyhosts_t)

dev_read_urand(denyhosts_t)

files_read_etc_files(denyhosts_t)

# /var/log/secure
logging_read_generic_logs(denyhosts_t)

miscfiles_read_localization(denyhosts_t)

sysnet_manage_config(denyhosts_t)
sysnet_etc_filetrans_config(denyhosts_t)

optional_policy(`
	cron_system_entry(denyhosts_t, denyhosts_exec_t)
')