source: selinux/build/zephyr.te @ 451

Last change on this file since 451 was 91, checked in by presbrey, 18 years ago
Zephyr strict SELinux module
File size: 1.0 KB
Line 
1# Joe Presbrey
2# presbrey@mit.edu
3# 2006/1/15
4
5policy_module(zephyr,1.0.0)
6
7########################################
8#
9# Declarations
10#
11
12type zephyr_t;
13type zephyr_bin_t;
14type zephyr_exec_t;
15domain_type(zephyr_t)
16corecmd_executable_file(zephyr_bin_t)
17init_daemon_domain(zephyr_t, zephyr_exec_t)
18
19########################################
20#
21# zephyr local policy
22
23files_read_etc_files(zephyr_t)
24files_rw_etc_runtime_files(zephyr_t)
25libs_use_ld_so(zephyr_t)
26libs_use_shared_libs(zephyr_t)
27miscfiles_read_localization(zephyr_t)
28
29init_use_fds(zephyr_t)
30init_use_script_ptys(zephyr_t)
31domain_use_interactive_fds(zephyr_t)
32term_use_console(zephyr_t)
33corenet_udp_bind_generic_port(zephyr_t)
34dev_read_urand(zephyr_t)
35sysnet_dns_name_resolve(zephyr_t)
36corenet_tcp_sendrecv_all_nodes(zephyr_t)
37corenet_udp_sendrecv_all_nodes(zephyr_t)
38corenet_tcp_sendrecv_all_ports(zephyr_t)
39corenet_udp_sendrecv_all_ports(zephyr_t)
40kerberos_use(zephyr_t)
41
42allow zephyr_t self:process setsched;
43allow zephyr_t self:capability { sys_admin sys_nice sys_tty_config };
Note: See TracBrowser for help on using the repository browser.