Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 23601 Details for
Bug 37180
net-misc/dhcp policy files
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
type_enforcement
dhcpd.te (text/plain), 2.43 KB, created by
petre rodan (RETIRED)
on 2004-01-11 08:34:47 UTC
(
hide
)
Description:
type_enforcement
Filename:
MIME Type:
Creator:
petre rodan (RETIRED)
Created:
2004-01-11 08:34:47 UTC
Size:
2.43 KB
patch
obsolete
>#DESC DHCPD - DHCP server ># ># Author: Russell Coker <russell@coker.com.au> ># based on the dhcpc_t policy from: ># Wayne Salamon (NAI Labs) <wsalamon@tislabs.com> ># X-Debian-Packages: dhcp dhcp3-server ># > >################################# ># ># Rules for the dhcpd_t domain. ># ># dhcpd_t is the domain for the server side of DHCP. dhcpd, the DHCP ># server daemon rc scripts, runs in this domain. ># dhcpd_exec_t is the type of the dhcpdd executable. ># The dhcpd_t can be used for other DHCPC related files as well. ># >daemon_domain(dhcpd) > ># for UDP port 67 >type dhcpd_port_t, port_type; >allow dhcpd_t dhcpd_port_t:udp_socket name_bind; > >type etc_dhcp_t alias { etc_dhcpc_t etc_dhcpd_t }, file_type, sysadmfile; > ># Use the network. >can_network(dhcpd_t) >allow dhcpd_t resolv_conf_t:file { getattr read }; >allow dhcpd_t self:unix_dgram_socket create_socket_perms; >allow dhcpd_t self:unix_stream_socket create_socket_perms; > >allow dhcpd_t var_lib_t:dir search; > >allow dhcpd_t devtty_t:chr_file { read write }; > ># Use capabilities >allow dhcpd_t dhcpd_t:capability { net_raw net_bind_service }; > ># Allow access to the dhcpd file types >type dhcp_state_t, file_type, sysadmfile; >type dhcpd_state_t, file_type, sysadmfile; >allow dhcpd_t etc_dhcp_t:file { read getattr }; >allow dhcpd_t etc_dhcp_t:dir search; >file_type_auto_trans(dhcpd_t, dhcp_state_t, dhcpd_state_t, file) > >allow dhcpd_t etc_t:lnk_file read; >allow dhcpd_t { etc_t etc_runtime_t }:file r_file_perms; > ># Allow dhcpd_t programs to execute themselves and bin_t (uname etc) >can_exec(dhcpd_t, { dhcpd_exec_t bin_t }) > ># Allow dhcpd_t to use packet sockets >allow dhcpd_t self:packet_socket create_socket_perms; >allow dhcpd_t self:rawip_socket create_socket_perms; >allow dhcpd_t { netmsg_eth0_t netmsg_eth1_t }:packet_socket recvfrom; > ># allow to run utilities and scripts >allow dhcpd_t { bin_t sbin_t }:dir r_dir_perms; >allow dhcpd_t { bin_t sbin_t }:{ file lnk_file } rx_file_perms; >allow dhcpd_t self:fifo_file { read write getattr }; > ># allow reading /proc >allow dhcpd_t proc_t:{ file lnk_file } r_file_perms; > >dontaudit dhcpd_t domain:packet_socket recvfrom; >dontaudit dhcpd_t { netmsg_t icmp_socket_t tcp_socket_t igmp_packet_t }:packet_socket recvfrom; >dontaudit dhcpd_t icmp_socket_t:rawip_socket recvfrom; >dontaudit dhcpd_t any_socket_t:rawip_socket sendto; > ># gentoo-related >allow dhcpd_t self:capability { dac_override setgid setuid sys_chroot }; > ># stupid initrc script >allow initrc_t dhcpd_state_t:file { setattr };
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=23601">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 37180
:
23131
|
23132
|
23600
| 23601
