Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/ricci.te
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/ricci.te')
-rw-r--r--policy/modules/contrib/ricci.te531
1 files changed, 0 insertions, 531 deletions
diff --git a/policy/modules/contrib/ricci.te b/policy/modules/contrib/ricci.te
deleted file mode 100644
index d808ab66..00000000
--- a/policy/modules/contrib/ricci.te
+++ /dev/null
@@ -1,531 +0,0 @@
-policy_module(ricci, 1.11.0)
-
-########################################
-#
-# Declarations
-#
-
-type ricci_t;
-type ricci_exec_t;
-init_daemon_domain(ricci_t, ricci_exec_t)
-
-type ricci_initrc_exec_t;
-init_script_file(ricci_initrc_exec_t)
-
-type ricci_tmp_t;
-files_tmp_file(ricci_tmp_t)
-
-type ricci_var_lib_t;
-files_type(ricci_var_lib_t)
-
-type ricci_var_log_t;
-logging_log_file(ricci_var_log_t)
-
-type ricci_var_run_t;
-files_pid_file(ricci_var_run_t)
-
-type ricci_modcluster_t;
-type ricci_modcluster_exec_t;
-domain_type(ricci_modcluster_t)
-domain_entry_file(ricci_modcluster_t, ricci_modcluster_exec_t)
-role system_r types ricci_modcluster_t;
-
-type ricci_modcluster_var_lib_t;
-files_type(ricci_modcluster_var_lib_t)
-
-type ricci_modcluster_var_log_t;
-logging_log_file(ricci_modcluster_var_log_t)
-
-type ricci_modcluster_var_run_t;
-files_pid_file(ricci_modcluster_var_run_t)
-
-type ricci_modclusterd_t;
-type ricci_modclusterd_exec_t;
-init_daemon_domain(ricci_modclusterd_t, ricci_modclusterd_exec_t)
-
-type ricci_modclusterd_tmpfs_t;
-files_tmpfs_file(ricci_modclusterd_tmpfs_t)
-
-type ricci_modlog_t;
-type ricci_modlog_exec_t;
-domain_type(ricci_modlog_t)
-domain_entry_file(ricci_modlog_t, ricci_modlog_exec_t)
-role system_r types ricci_modlog_t;
-
-type ricci_modrpm_t;
-type ricci_modrpm_exec_t;
-domain_type(ricci_modrpm_t)
-domain_entry_file(ricci_modrpm_t, ricci_modrpm_exec_t)
-role system_r types ricci_modrpm_t;
-
-type ricci_modservice_t;
-type ricci_modservice_exec_t;
-domain_type(ricci_modservice_t)
-domain_entry_file(ricci_modservice_t, ricci_modservice_exec_t)
-role system_r types ricci_modservice_t;
-
-type ricci_modstorage_t;
-type ricci_modstorage_exec_t;
-domain_type(ricci_modstorage_t)
-domain_entry_file(ricci_modstorage_t, ricci_modstorage_exec_t)
-role system_r types ricci_modstorage_t;
-
-type ricci_modstorage_lock_t;
-files_lock_file(ricci_modstorage_lock_t)
-
-########################################
-#
-# Local policy
-#
-
-allow ricci_t self:capability { setuid sys_boot sys_nice };
-allow ricci_t self:process setsched;
-allow ricci_t self:fifo_file rw_fifo_file_perms;
-allow ricci_t self:unix_stream_socket { accept connectto listen };
-allow ricci_t self:tcp_socket { accept listen };
-
-domtrans_pattern(ricci_t, ricci_modcluster_exec_t, ricci_modcluster_t)
-domtrans_pattern(ricci_t, ricci_modlog_exec_t, ricci_modlog_t)
-domtrans_pattern(ricci_t, ricci_modrpm_exec_t, ricci_modrpm_t)
-domtrans_pattern(ricci_t, ricci_modservice_exec_t, ricci_modservice_t)
-domtrans_pattern(ricci_t, ricci_modstorage_exec_t, ricci_modstorage_t)
-
-manage_dirs_pattern(ricci_t, ricci_tmp_t, ricci_tmp_t)
-manage_files_pattern(ricci_t, ricci_tmp_t, ricci_tmp_t)
-files_tmp_filetrans(ricci_t, ricci_tmp_t, { file dir })
-
-manage_dirs_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
-manage_files_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
-manage_sock_files_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
-files_var_lib_filetrans(ricci_t, ricci_var_lib_t, { file dir sock_file })
-
-allow ricci_t ricci_var_log_t:dir setattr_dir_perms;
-append_files_pattern(ricci_t, ricci_var_log_t, ricci_var_log_t)
-create_files_pattern(ricci_t, ricci_var_log_t, ricci_var_log_t)
-setattr_files_pattern(ricci_t, ricci_var_log_t, ricci_var_log_t)
-manage_sock_files_pattern(ricci_t, ricci_var_log_t, ricci_var_log_t)
-logging_log_filetrans(ricci_t, ricci_var_log_t, { sock_file file dir })
-
-manage_files_pattern(ricci_t, ricci_var_run_t, ricci_var_run_t)
-manage_sock_files_pattern(ricci_t, ricci_var_run_t, ricci_var_run_t)
-files_pid_filetrans(ricci_t, ricci_var_run_t, { file sock_file })
-
-kernel_read_kernel_sysctls(ricci_t)
-kernel_read_system_state(ricci_t)
-
-corecmd_exec_bin(ricci_t)
-
-corenet_all_recvfrom_unlabeled(ricci_t)
-corenet_all_recvfrom_netlabel(ricci_t)
-corenet_tcp_sendrecv_generic_if(ricci_t)
-corenet_tcp_sendrecv_generic_node(ricci_t)
-corenet_tcp_bind_generic_node(ricci_t)
-corenet_udp_bind_generic_node(ricci_t)
-
-corenet_sendrecv_ricci_server_packets(ricci_t)
-corenet_tcp_bind_ricci_port(ricci_t)
-corenet_tcp_sendrecv_ricci_port(ricci_t)
-corenet_udp_bind_ricci_port(ricci_t)
-corenet_udp_sendrecv_ricci_port(ricci_t)
-
-corenet_sendrecv_http_client_packets(ricci_t)
-corenet_tcp_connect_http_port(ricci_t)
-corenet_tcp_sendrecv_http_port(ricci_t)
-
-dev_read_urand(ricci_t)
-
-domain_read_all_domains_state(ricci_t)
-
-files_read_etc_files(ricci_t)
-files_read_etc_runtime_files(ricci_t)
-files_create_boot_flag(ricci_t)
-
-auth_domtrans_chk_passwd(ricci_t)
-auth_append_login_records(ricci_t)
-
-init_stream_connect_script(ricci_t)
-
-locallogin_dontaudit_use_fds(ricci_t)
-
-logging_send_syslog_msg(ricci_t)
-
-miscfiles_read_localization(ricci_t)
-
-sysnet_dns_name_resolve(ricci_t)
-
-optional_policy(`
- ccs_read_config(ricci_t)
-')
-
-optional_policy(`
- dbus_system_bus_client(ricci_t)
-
- optional_policy(`
- oddjob_dbus_chat(ricci_t)
- ')
-')
-
-optional_policy(`
- corecmd_bin_entry_type(ricci_t)
- term_dontaudit_search_ptys(ricci_t)
- init_exec(ricci_t)
-
- oddjob_system_entry(ricci_t, ricci_exec_t)
-')
-
-optional_policy(`
- rpm_use_script_fds(ricci_t)
-')
-
-optional_policy(`
- sasl_connect(ricci_t)
-')
-
-optional_policy(`
- shutdown_domtrans(ricci_t)
-')
-
-optional_policy(`
- unconfined_use_fds(ricci_t)
-')
-
-optional_policy(`
- xen_domtrans_xm(ricci_t)
-')
-
-########################################
-#
-# Modcluster local policy
-#
-
-allow ricci_modcluster_t self:capability sys_nice;
-allow ricci_modcluster_t self:process setsched;
-allow ricci_modcluster_t self:fifo_file rw_fifo_file_perms;
-
-kernel_read_kernel_sysctls(ricci_modcluster_t)
-kernel_read_system_state(ricci_modcluster_t)
-
-corecmd_exec_bin(ricci_modcluster_t)
-corecmd_exec_shell(ricci_modcluster_t)
-
-corenet_all_recvfrom_unlabeled(ricci_modcluster_t)
-corenet_all_recvfrom_netlabel(ricci_modcluster_t)
-corenet_tcp_sendrecv_generic_if(ricci_modcluster_t)
-corenet_tcp_sendrecv_generic_node(ricci_modcluster_t)
-corenet_tcp_sendrecv_all_ports(ricci_modcluster_t)
-corenet_tcp_bind_generic_node(ricci_modcluster_t)
-
-corenet_sendrecv_all_server_packets(ricci_modcluster_t)
-corenet_tcp_bind_all_rpc_ports(ricci_modcluster_t)
-
-corenet_tcp_bind_cluster_port(ricci_modcluster_t)
-corenet_sendrecv_cluster_client_packets(ricci_modcluster_t)
-corenet_tcp_connect_cluster_port(ricci_modcluster_t)
-
-domain_read_all_domains_state(ricci_modcluster_t)
-
-files_search_locks(ricci_modcluster_t)
-files_read_etc_runtime_files(ricci_modcluster_t)
-files_search_usr(ricci_modcluster_t)
-
-auth_use_nsswitch(ricci_modcluster_t)
-
-init_exec(ricci_modcluster_t)
-init_domtrans_script(ricci_modcluster_t)
-
-logging_send_syslog_msg(ricci_modcluster_t)
-
-miscfiles_read_localization(ricci_modcluster_t)
-
-ricci_stream_connect_modclusterd(ricci_modcluster_t)
-
-optional_policy(`
- aisexec_stream_connect(ricci_modcluster_t)
- corosync_stream_connect(ricci_modcluster_t)
-')
-
-optional_policy(`
- ccs_stream_connect(ricci_modcluster_t)
- ccs_domtrans(ricci_modcluster_t)
- ccs_manage_config(ricci_modcluster_t)
-')
-
-optional_policy(`
- lvm_domtrans(ricci_modcluster_t)
-')
-
-optional_policy(`
- modutils_domtrans(ricci_modcluster_t)
-')
-
-optional_policy(`
- mount_domtrans(ricci_modcluster_t)
-')
-
-optional_policy(`
- consoletype_exec(ricci_modcluster_t)
-')
-
-optional_policy(`
- oddjob_system_entry(ricci_modcluster_t, ricci_modcluster_exec_t)
-')
-
-optional_policy(`
- rgmanager_stream_connect(ricci_modcluster_t)
-')
-
-########################################
-#
-# Modclusterd local policy
-#
-
-allow ricci_modclusterd_t self:capability { sys_nice sys_tty_config };
-allow ricci_modclusterd_t self:process { signal sigkill setsched };
-allow ricci_modclusterd_t self:fifo_file rw_fifo_file_perms;
-allow ricci_modclusterd_t self:unix_stream_socket create_stream_socket_perms;
-allow ricci_modclusterd_t self:tcp_socket create_stream_socket_perms;
-allow ricci_modclusterd_t self:socket create_socket_perms;
-
-allow ricci_modclusterd_t ricci_modcluster_t:unix_stream_socket connectto;
-allow ricci_modclusterd_t ricci_modcluster_t:fifo_file rw_fifo_file_perms;
-
-manage_dirs_pattern(ricci_modclusterd_t, ricci_modclusterd_tmpfs_t, ricci_modclusterd_tmpfs_t)
-manage_files_pattern(ricci_modclusterd_t, ricci_modclusterd_tmpfs_t, ricci_modclusterd_tmpfs_t)
-fs_tmpfs_filetrans(ricci_modclusterd_t, ricci_modclusterd_tmpfs_t, { dir file })
-
-allow ricci_modclusterd_t ricci_modcluster_var_log_t:dir setattr_dir_perms;
-append_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_log_t, ricci_modcluster_var_log_t)
-create_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_log_t, ricci_modcluster_var_log_t)
-setattr_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_log_t, ricci_modcluster_var_log_t)
-manage_sock_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_log_t, ricci_modcluster_var_log_t)
-logging_log_filetrans(ricci_modclusterd_t, ricci_modcluster_var_log_t, { sock_file file dir })
-
-manage_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_run_t, ricci_modcluster_var_run_t)
-manage_sock_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_run_t, ricci_modcluster_var_run_t)
-files_pid_filetrans(ricci_modclusterd_t, ricci_modcluster_var_run_t, { file sock_file })
-
-kernel_read_kernel_sysctls(ricci_modclusterd_t)
-kernel_read_system_state(ricci_modclusterd_t)
-kernel_request_load_module(ricci_modclusterd_t)
-
-corecmd_exec_bin(ricci_modclusterd_t)
-
-corenet_all_recvfrom_unlabeled(ricci_modclusterd_t)
-corenet_all_recvfrom_netlabel(ricci_modclusterd_t)
-corenet_tcp_sendrecv_generic_if(ricci_modclusterd_t)
-corenet_tcp_sendrecv_generic_node(ricci_modclusterd_t)
-corenet_tcp_bind_generic_node(ricci_modclusterd_t)
-
-corenet_sendrecv_ricci_modcluster_server_packets(ricci_modclusterd_t)
-corenet_tcp_bind_ricci_modcluster_port(ricci_modclusterd_t)
-corenet_sendrecv_ricci_modcluster_client_packets(ricci_modclusterd_t)
-corenet_tcp_connect_ricci_modcluster_port(ricci_modclusterd_t)
-corenet_tcp_sendrecv_ricci_modcluster_port(ricci_modclusterd_t)
-
-domain_read_all_domains_state(ricci_modclusterd_t)
-
-files_read_etc_runtime_files(ricci_modclusterd_t)
-
-fs_getattr_xattr_fs(ricci_modclusterd_t)
-
-auth_use_nsswitch(ricci_modclusterd_t)
-
-init_stream_connect_script(ricci_modclusterd_t)
-
-locallogin_dontaudit_use_fds(ricci_modclusterd_t)
-
-logging_send_syslog_msg(ricci_modclusterd_t)
-
-miscfiles_read_localization(ricci_modclusterd_t)
-
-sysnet_domtrans_ifconfig(ricci_modclusterd_t)
-
-optional_policy(`
- aisexec_stream_connect(ricci_modclusterd_t)
- corosync_stream_connect(ricci_modclusterd_t)
-')
-
-optional_policy(`
- ccs_domtrans(ricci_modclusterd_t)
- ccs_stream_connect(ricci_modclusterd_t)
- ccs_read_config(ricci_modclusterd_t)
-')
-
-optional_policy(`
- rgmanager_stream_connect(ricci_modclusterd_t)
-')
-
-optional_policy(`
- unconfined_use_fds(ricci_modclusterd_t)
-')
-
-########################################
-#
-# Modlog local policy
-#
-
-allow ricci_modlog_t self:capability sys_nice;
-allow ricci_modlog_t self:process setsched;
-
-kernel_read_kernel_sysctls(ricci_modlog_t)
-kernel_read_system_state(ricci_modlog_t)
-
-corecmd_exec_bin(ricci_modlog_t)
-
-domain_read_all_domains_state(ricci_modlog_t)
-
-files_read_etc_files(ricci_modlog_t)
-files_search_usr(ricci_modlog_t)
-
-logging_read_generic_logs(ricci_modlog_t)
-
-miscfiles_read_localization(ricci_modlog_t)
-
-optional_policy(`
- nscd_dontaudit_search_pid(ricci_modlog_t)
-')
-
-optional_policy(`
- oddjob_system_entry(ricci_modlog_t, ricci_modlog_exec_t)
-')
-
-########################################
-#
-# Modrpm local policy
-#
-
-allow ricci_modrpm_t self:fifo_file read_fifo_file_perms;
-
-kernel_read_kernel_sysctls(ricci_modrpm_t)
-
-corecmd_exec_bin(ricci_modrpm_t)
-
-files_search_usr(ricci_modrpm_t)
-files_read_etc_files(ricci_modrpm_t)
-
-miscfiles_read_localization(ricci_modrpm_t)
-
-optional_policy(`
- oddjob_system_entry(ricci_modrpm_t, ricci_modrpm_exec_t)
-')
-
-optional_policy(`
- rpm_domtrans(ricci_modrpm_t)
-')
-
-########################################
-#
-# Modservice local policy
-#
-
-allow ricci_modservice_t self:capability { dac_override sys_nice };
-allow ricci_modservice_t self:process setsched;
-allow ricci_modservice_t self:fifo_file rw_fifo_file_perms;
-
-kernel_read_kernel_sysctls(ricci_modservice_t)
-kernel_read_system_state(ricci_modservice_t)
-
-corecmd_exec_bin(ricci_modservice_t)
-corecmd_exec_shell(ricci_modservice_t)
-
-files_read_etc_files(ricci_modservice_t)
-files_read_etc_runtime_files(ricci_modservice_t)
-files_search_usr(ricci_modservice_t)
-files_manage_etc_symlinks(ricci_modservice_t)
-
-init_domtrans_script(ricci_modservice_t)
-
-miscfiles_read_localization(ricci_modservice_t)
-
-optional_policy(`
- ccs_read_config(ricci_modservice_t)
-')
-
-optional_policy(`
- consoletype_exec(ricci_modservice_t)
-')
-
-optional_policy(`
- nscd_dontaudit_search_pid(ricci_modservice_t)
-')
-
-optional_policy(`
- oddjob_system_entry(ricci_modservice_t, ricci_modservice_exec_t)
-')
-
-########################################
-#
-# Modstorage local policy
-#
-
-allow ricci_modstorage_t self:capability { mknod sys_nice };
-allow ricci_modstorage_t self:process { setsched signal };
-dontaudit ricci_modstorage_t self:process ptrace;
-allow ricci_modstorage_t self:fifo_file rw_fifo_file_perms;
-
-kernel_read_kernel_sysctls(ricci_modstorage_t)
-kernel_read_system_state(ricci_modstorage_t)
-
-create_files_pattern(ricci_modstorage_t, ricci_modstorage_lock_t, ricci_modstorage_lock_t)
-files_lock_filetrans(ricci_modstorage_t, ricci_modstorage_lock_t, file)
-
-corecmd_exec_bin(ricci_modstorage_t)
-corecmd_exec_shell(ricci_modstorage_t)
-
-dev_read_sysfs(ricci_modstorage_t)
-dev_read_urand(ricci_modstorage_t)
-dev_manage_generic_blk_files(ricci_modstorage_t)
-
-domain_read_all_domains_state(ricci_modstorage_t)
-
-files_manage_etc_files(ricci_modstorage_t)
-files_read_etc_runtime_files(ricci_modstorage_t)
-files_read_usr_files(ricci_modstorage_t)
-files_read_kernel_modules(ricci_modstorage_t)
-
-storage_raw_read_fixed_disk(ricci_modstorage_t)
-
-term_dontaudit_use_console(ricci_modstorage_t)
-
-logging_send_syslog_msg(ricci_modstorage_t)
-
-miscfiles_read_localization(ricci_modstorage_t)
-
-optional_policy(`
- aisexec_stream_connect(ricci_modstorage_t)
- corosync_stream_connect(ricci_modstorage_t)
-')
-
-optional_policy(`
- ccs_stream_connect(ricci_modstorage_t)
- ccs_read_config(ricci_modstorage_t)
-')
-
-optional_policy(`
- consoletype_exec(ricci_modstorage_t)
-')
-
-optional_policy(`
- fstools_domtrans(ricci_modstorage_t)
-')
-
-optional_policy(`
- lvm_domtrans(ricci_modstorage_t)
- lvm_manage_config(ricci_modstorage_t)
-')
-
-optional_policy(`
- modutils_read_module_deps(ricci_modstorage_t)
-')
-
-optional_policy(`
- mount_domtrans(ricci_modstorage_t)
-')
-
-optional_policy(`
- oddjob_system_entry(ricci_modstorage_t, ricci_modstorage_exec_t)
-')
-
-optional_policy(`
- raid_domtrans_mdadm(ricci_modstorage_t)
-')