Context Navigation

Changeset 91 for selinux

Timestamp:

Jan 20, 2007, 9:36:32 PM (17 years ago)

Author:

presbrey

Message:

Zephyr strict SELinux module

Location:

selinux/build

Files:

r84	r91
	1	# Joe Presbrey
	2	# presbrey@mit.edu
	3	# 2006/1/15
	4
1	5	/usr/sbin/zhm -- gen_context(system_u:object_r:zephyr_exec_t,s0)
2	6	/usr/bin/zaway -- gen_context(system_u:object_r:zephyr_bin_t,s0)

-                      r84
+                      r91
+# Joe Presbrey
+# presbrey@mit.edu
+# 2006/1/15
 interface(`zephyr_domtrans',`
         gen_requires(`
 …
 template(`zephyr_access',`
         require {
-#                type krb5_conf_t;
                 type zephyr_t, zephyr_bin_t;
+        }
         allow $1 zephyr_t:udp_socket { read write };
-#        allow $1 krb5_conf_t:file read;
         can_exec($1, zephyr_t)
         can_exec($1, zephyr_bin_t)

-                      r84
+                      r91
+# Joe Presbrey
+# presbrey@mit.edu
+# 2006/1/15
 policy_module(zephyr,1.0.0)
 …
 type zephyr_exec_t;
 domain_type(zephyr_t)
+corecmd_executable_file(zephyr_bin_t)
 init_daemon_domain(zephyr_t, zephyr_exec_t)
 ########################################
+#
 # AFS local policy
+# zephyr local policy
 files_read_etc_files(zephyr_t)
 …
 miscfiles_read_localization(zephyr_t)
-# Init script handling
 init_use_fds(zephyr_t)
 init_use_script_ptys(zephyr_t)
 domain_use_interactive_fds(zephyr_t)
 term_use_console(zephyr_t)
+allow zephyr_t self:process setsched;
+allow zephyr_t self:capability { sys_admin sys_nice sys_tty_config};
+corenet_udp_bind_generic_port(zephyr_t)
+dev_read_urand(zephyr_t)
 sysnet_dns_name_resolve(zephyr_t)
 corenet_tcp_sendrecv_all_nodes(zephyr_t)
 …
 corenet_tcp_sendrecv_all_ports(zephyr_t)
 corenet_udp_sendrecv_all_ports(zephyr_t)
+kerberos_use(zephyr_t)
+#allow zephyr_bin_t fs_t:filesystem associate;
+allow zephyr_t self:process setsched;
+allow zephyr_t self:capability { sys_admin sys_nice sys_tty_config };

Note: See TracChangeset for help on using the changeset viewer.