Attachment 21453 Details for Bug 34672 – type_enforcement file

type_enforcement file

clockspeed.te (text/plain), 2.88 KB, created by petre rodan (RETIRED) on 2003-11-28 23:37:24 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: petre rodan (RETIRED)

Created: 2003-11-28 23:37:24 UTC

Size: 2.88 KB

patch

obsolete

># $Id: clockspeed.te,v 1.8 2003/11/28 15:11:55 peter Exp $
>#
># author Petre Rodan <petre.rodan@ravantivirus.com>
>#
># get the latest version of this file from
># http://team.rav.ro/peter/policy.tar.gz
>#
>#
># the clockspeed infrastructure is taken from the latest gentoo ebuid +
># http://foo42.de/devel/sysutils/clockspeed-conf/
>#
>
>type cs_cs_t, file_type, exec_type, sysadmfile;
>type cs_add_t, file_type, exec_type, sysadmfile;
>type cs_view_t, file_type, exec_type,  sysadmfile;
>type cs_clock_t, file_type, exec_type, sysadmfile;
>type cs_taiclock_t, file_type, exec_type, sysadmfile;
>type cs_taiclockd_t, file_type, exec_type, sysadmfile;
>type cs_ntpcs_t, file_type, exec_type, sysadmfile;
>
>type cs_etc_t, file_type, sysadmfile;
>type cs_adjust_t, file_type, sysadmfile;
>type cs_atto_t, file_type, sysadmfile;
>
>type clockspeed_t, domain;
>
>role sysadm_r types clockspeed_t;
>role system_r types clockspeed_t;
>
>allow sysadm_t { cs_add_t cs_clock_t cs_view_t }:file { execute execute_no_trans };
>
>domain_auto_trans( { sysadm_t initrc_t }, { cs_cs_t cs_add_t cs_view_t cs_clock_t cs_taiclock_t cs_taiclock_t cs_taiclockd_t cs_ntpcs_t }, clockspeed_t);
>
>ifdef(`svc.te', `
>domain_auto_trans( svc_t, { cs_cs_t cs_add_t cs_view_t cs_clock_t cs_taiclock_t cs_taiclock_t cs_taiclockd_t cs_ntpcs_t }, clockspeed_t);
>')
>
>allow clockspeed_t self:capability { sys_time };
>uses_shlib(clockspeed_t);
>
># not sure about these
>allow clockspeed_t device_t:dir { search };
>allow clockspeed_t etc_t:dir { search };
>allow clockspeed_t etc_t:file { read };
>allow clockspeed_t newrole_t:fd { use };
>allow clockspeed_t sysadm_devpts_t:chr_file { read write };
>allow clockspeed_t console_device_t:chr_file { read write };
>allow clockspeed_t init_t:fd { use };
>
>
># clockview needs /etc/localtime
>allow clockspeed_t etc_t:lnk_file { read };
>allow clockspeed_t locale_t:dir { search };
>allow clockspeed_t locale_t:file { getattr read };
>
># sntpclock reads /etc/leapsecs
>allow clockspeed_t cs_etc_t:file { getattr read };
>
># the clockspeed binary needs these
>allow clockspeed_t cs_adjust_t:fifo_file { read write };
>allow clockspeed_t cs_atto_t:file { read };
>
># the default svc script makes a chmod
>allow initrc_t cs_adjust_t:fifo_file { setattr };
>
># `> /dev/null`
>allow clockspeed_t null_device_t:chr_file { write };
>
>allow initrc_t cs_adjust_t:fifo_file { write };
>
># this shoud be modified after cs_atto_t will have a logical place in the fs
>allow clockspeed_t cs_atto_t:file { unlink };
>allow clockspeed_t etc_t:dir { add_name remove_name write };
>allow clockspeed_t etc_t:file { create rename write };
>
>ifdef(`svc.te', `
>allow svc_t cs_adjust_t:fifo_file { getattr setattr };
>')
>
>ifdef(`crond.te', `
>role crond_r types clockspeed_t;
>domain_auto_trans(system_crond_t, { cs_cs_t cs_add_t cs_view_t cs_clock_t cs_taiclock_t cs_taiclock_t cs_taiclockd_t cs_ntpcs_t }, clockspeed_t);
>allow clockspeed_t crond_t:fd { use };
>allow clockspeed_t crond_t:fifo_file { read write };
>')
>
>

Actions: View

Attachments on bug 34672: 21452 | 21453 | 22074 | 22075 | 22090 | 22096 | 22097