Changeset 79 for selinux/build/afsd.te
- Timestamp:
- Jan 19, 2007, 6:58:44 AM (18 years ago)
- File:
-
- 1 edited
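--- a/selinux/build/afsd.te
+++ b/selinux/build/afsd.te
@@ -14,4 +14,5 @@
 type afsd_etc_t;
 type afsd_cache_t;
+#files_type(afsd_etc_t)
 files_type(afsd_etc_t)
 files_type(afsd_cache_t)
@@ -35,4 +36,5 @@
 init_use_script_ptys(afsd_t)
 domain_use_interactive_fds(afsd_t)
+term_use_console(afsd_t)
 
 files_mounton_default(afsd_t)
@@ -53,7 +55,15 @@
 allow afsd_t self:capability { sys_admin sys_nice sys_tty_config};
 
+#allow afsd_t lo_node_t:node all_node_perms;
+#allow afsd_t net_conf_t:file read;
+sysnet_dns_name_resolve(afsd_t)
+corenet_tcp_sendrecv_all_nodes(afsd_t)
+corenet_udp_sendrecv_all_nodes(afsd_t)
+
+
 require {
 type afs_bos_port_t,afs_fs_port_t,afs_fs_port_t,afs_ka_port_t,afs_pt_port_t,afs_vl_port_t;
 type netif_t, node_t;
+type kernel_t;
 }
 allow afsd_t { self afs_bos_port_t afs_fs_port_t afs_fs_port_t afs_ka_port_t afs_pt_port_t afs_vl_port_t }:tcp_socket all_tcp_socket_perms;
@@ -62,18 +72,3 @@
 allow afsd_t node_t:node { udp_recv udp_send };
 
-require {
-type crond_t, kernel_t, sshd_t, user_t;
-}
-afs_access(afsd_t);
-afs_access(crond_t);
-afs_access(kernel_t);
-afs_access(sshd_t);
-afs_access(user_t);
-
-require {
-type initrc_t;
-}
-# init.d script sets up cell files:
-allow initrc_t afsd_etc_t:file { setattr write };
-# permit aklog:
-allow user_t proc_t:file write;
+allow afsd_t kernel_t:key all_key_perms;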
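Review bot: The new last rule, `allow afsd_t kernel_t:key all_key_perms;`, grants afsd_t every permission of the key class on keys labelled kernel_t, and nothing in the file says which operation needed it. If it was added to clear AVC denials (presumably for keyring handling by the AFS client), grant only the permissions that appeared in the audit log, in the form `allow afsd_t kernel_t:key { search link };` adjusted to the actual denials, and put a one-line comment above it naming the operation. The same least-privilege concern applies in the third hunk to `corenet_tcp_sendrecv_all_nodes(afsd_t)` and `corenet_udp_sendrecv_all_nodes(afsd_t)`, where the commented-out `lo_node_t` rule suggests a narrower grant was tried first. Either delete the commented-out lines there and the duplicate `#files_type(afsd_etc_t)` in the first hunk, or add a comment saying why they were not sufficient.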