Skip Research MenusResearch Menu
|
Can you upstream this policy?
- nsaserefpolicy/policy/modules/admin/amtu.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.0.1/policy/modules/admin/amtu.fc 2007-05-30 09:25:53.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)
+
- nsaserefpolicy/policy/modules/admin/amtu.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.0.1/policy/modules/admin/amtu.if 2007-05-30 09:25:53.000000000 -0400
@@ -0,0 +1,53 @@
+## <summary>
+## abstract Machine Test Utility
+## </summary>
+
+########################################
+## <summary>
+## Execute amtu in the amtu domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`amtu_domtrans',`
+ gen_require(`
+ type amtu_t, amtu_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1,amtu_exec_t,amtu_t)
+')
+
+########################################
+## <summary>
+## Execute amtu in the amtu domain, and
+## allow the specified role the amtu domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## The role to be allowed the amtu domain.
+## </summary>
+## </param>
+## <param name="terminal">
+## <summary>
+## The type of the terminal allow the amtu domain to use.
+## </summary>
+## </param>
+#
+interface(`amtu_run',`
+ gen_require(`
+ type amtu_t;
+ ')
+
+ amtu_domtrans($1)
+ role $2 types amtu_t;
+ allow amtu_t $3:chr_file rw_term_perms;
+')
- nsaserefpolicy/policy/modules/admin/amtu.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.0.1/policy/modules/admin/amtu.te 2007-05-30 09:25:53.000000000 -0400
@@ -0,0 +1,57 @@
+policy_module(amtu,1.0.23)
+
+########################################
+#
+# Declarations
+#
+
+type amtu_t;
+type amtu_exec_t;
+domain_type(amtu_t)
+domain_entry_file(amtu_t, amtu_exec_t)
+
+########################################
+#
+# amtu local policy
+#
+
+# Specific allow rules required for amtu
+allow amtu_t self:capability net_raw;
+allow amtu_t self:packet_socket { bind create read write };
+allow amtu_t self:udp_socket { create ioctl };
+
+files_manage_boot_files(amtu_t)
+files_read_etc_runtime_files(amtu_t)
+files_read_etc_files(amtu_t)
+
+kernel_read_system_state(amtu_t)
+
+libs_use_ld_so(amtu_t)
+libs_use_shared_libs(amtu_t)
+
+logging_send_audit_msg(amtu_t)
+
+optional_policy(`
+ seutil_use_newrole_fds(amtu_t)
+');
+
+optional_policy(`
+ userdom_use_sysadm_fds(amtu_t)
+');
+
+optional_policy(`
+ userdom_sigchld_sysadm(amtu_t)
+');
+
+optional_policy(`
+ nscd_dontaudit_search_pid(amtu_t)
+');
+
+optional_policy(`
+ kernel_dontaudit_read_system_state(amtu_t)
+');
+
+optional_policy(`
+ term_dontaudit_search_ptys(amtu_t)
+');
+
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Wed 30 May 2007 - 13:37:01 EDT
|
|