SELinux Mailing List
New policy for razor
From: David Hampton <hampton-rh_at_rainbolthampton.net>
Date: Mon, 21 Mar 2005 20:23:10 -0500
David
# razor
/etc/razor(/.*)?		system_u:object_r:razor_etc_t
/usr/bin/razor.*		system_u:object_r:razor_exec_t
/var/lib/razor(/.*)?		system_u:object_r:razor_var_lib_t
/var/log/razor-agent.log	system_u:object_r:razor_log_t
HOME_DIR/\.razor(/.*)?		system_u:object_r:ROLE_razor_home_t
#
##########
# Razor is one executable and several symlinks
# Networking
general_proc_read_access($1_t)
# Read system config file
# Update razor common files
create_dir_file($1_t, razor_log_t)
allow $1_t var_lib_t:dir search;
create_dir_file($1_t, razor_var_lib_t)
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:file getattr;
allow $1_t lib_t:file { getattr read };
allow $1_t { var_t var_run_t }:dir search;
uses_shlib($1_t)
# Razor forks other programs to do part of its work.
# mktemp and other randoms
# Allow access to various files in the /etc/directory including mtab
#
define(`razor_domain',`
razor_base_domain($1_razor)
# Per-user config/data files
tmp_domain($1_razor)
allow $1_razor_t self:unix_stream_socket create_stream_socket_perms;
# Allow razor to be run by hand. Needed by any action other than
#
# NOTE: This policy will work with either the ATrpms provided config
type razor_port_t, port_type, reserved_port_type;
##########
razor_base_domain(razor)
# Razor config file directory. When invoked as razor-admin, it can
# Shared razor files updated frequently
# Log files
##########
#
ifdef(`spamd.te', `razor_access(spamd_t)');
ifdef(`amavis.te', `razor_access(amavisd_t)');

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
Received on Mon 21 Mar 2005 - 20:23:00 EST
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009