source: selinux/build/afsd.if @ 81

Last change on this file since 81 was 81, checked in by presbrey, 15 years ago
more specific SELinux AFS access interface procmail can spawn system binaries
File size: 1.1 KB
Line 
1## <summary>policy for afs</summary>
2
3########################################
4## <summary>
5##      Execute a domain transition to run afs.
6## </summary>
7## <param name="domain">
8## <summary>
9##      Domain allowed to transition.
10## </summary>
11## </param>
12#
13interface(`afsd_domtrans',`
14        gen_require(`
15                type afsd_t, afsd_exec_t;
16        ')
17
18        domain_auto_trans($1,afsd_exec_t,afsd_t)
19
20        allow $1 afsd_t:fd use;
21        allow afsd_t $1:fd use;
22        allow afsd_t $1:fifo_file rw_file_perms;
23        allow afsd_t $1:process sigchld;
24')
25
26interface(`afs_access',`
27        gen_require(`
28                type afsd_t, afsd_etc_t;
29                type autofs_t, nfs_t;
30        ')
31        allow $1 afsd_t:udp_socket all_udp_socket_perms;
32        allow $1 afsd_etc_t:dir r_dir_perms;
33        allow $1 afsd_etc_t:file r_file_perms;
34        allow $1 afsd_etc_t:lnk_file r_file_perms;
35        allow $1 autofs_t:dir all_dir_perms;
36        allow $1 autofs_t:lnk_file all_lnk_file_perms;
37        allow $1 nfs_t:dir all_dir_perms;
38        allow $1 nfs_t:file all_file_perms;
39        allow $1 nfs_t:lnk_file all_lnk_file_perms;
40        allow $1 nfs_t:sock_file all_sock_file_perms;
41        allow $1 nfs_t:fifo_file all_fifo_file_perms;
42        allow $1 nfs_t:chr_file all_chr_file_perms;
43        allow $1 nfs_t:blk_file all_blk_file_perms;
44')
Note: See TracBrowser for help on using the repository browser.