Diffstat (limited to 'policy/modules/contrib/zebra.te')
-rw-r--r--policy/modules/contrib/zebra.te141
1 files changed, 0 insertions, 141 deletions
diff --git a/policy/modules/contrib/zebra.te b/policy/modules/contrib/zebra.te
deleted file mode 100644
index 19bc9943..00000000
--- a/policy/modules/contrib/zebra.te
+++ /dev/null
@@ -1,141 +0,0 @@
-policy_module(zebra, 1.16.0)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Determine whether zebra daemon can
-## manage its configuration files.
-## </p>
-## </desc>
-gen_tunable(allow_zebra_write_config, false)
-
-type zebra_t;
-type zebra_exec_t;
-init_daemon_domain(zebra_t, zebra_exec_t)
-
-type zebra_conf_t;
-files_type(zebra_conf_t)
-
-type zebra_initrc_exec_t;
-init_script_file(zebra_initrc_exec_t)
-
-type zebra_log_t;
-logging_log_file(zebra_log_t)
-
-type zebra_tmp_t;
-files_tmp_file(zebra_tmp_t)
-
-type zebra_var_run_t;
-files_pid_file(zebra_var_run_t)
-
-########################################
-#
-# Local policy
-#
-
-allow zebra_t self:capability { net_admin net_raw setgid setuid };
-dontaudit zebra_t self:capability sys_tty_config;
-allow zebra_t self:process { signal_perms getcap setcap };
-allow zebra_t self:fifo_file rw_fifo_file_perms;
-allow zebra_t self:unix_stream_socket { accept connectto listen };
-allow zebra_t self:netlink_route_socket rw_netlink_socket_perms;
-allow zebra_t self:tcp_socket { connect connected_stream_socket_perms };
-allow zebra_t self:udp_socket create_socket_perms;
-allow zebra_t self:rawip_socket create_socket_perms;
-
-allow zebra_t zebra_conf_t:dir list_dir_perms;
-allow zebra_t zebra_conf_t:file read_file_perms;
-allow zebra_t zebra_conf_t:lnk_file read_lnk_file_perms;
-
-allow zebra_t zebra_log_t:dir setattr_dir_perms;
-append_files_pattern(zebra_t, zebra_log_t, zebra_log_t)
-create_files_pattern(zebra_t, zebra_log_t, zebra_log_t)
-setattr_files_pattern(zebra_t, zebra_log_t, zebra_log_t)
-manage_sock_files_pattern(zebra_t, zebra_log_t, zebra_log_t)
-logging_log_filetrans(zebra_t, zebra_log_t, { sock_file file dir })
-
-allow zebra_t zebra_tmp_t:sock_file manage_sock_file_perms;
-files_tmp_filetrans(zebra_t, zebra_tmp_t, sock_file)
-
-manage_dirs_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
-manage_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
-manage_sock_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
-files_pid_filetrans(zebra_t, zebra_var_run_t, { dir file sock_file })
-
-kernel_read_system_state(zebra_t)
-kernel_read_network_state(zebra_t)
-kernel_read_kernel_sysctls(zebra_t)
-kernel_rw_net_sysctls(zebra_t)
-
-corenet_all_recvfrom_unlabeled(zebra_t)
-corenet_all_recvfrom_netlabel(zebra_t)
-corenet_tcp_sendrecv_generic_if(zebra_t)
-corenet_udp_sendrecv_generic_if(zebra_t)
-corenet_raw_sendrecv_generic_if(zebra_t)
-corenet_tcp_sendrecv_generic_node(zebra_t)
-corenet_udp_sendrecv_generic_node(zebra_t)
-corenet_raw_sendrecv_generic_node(zebra_t)
-corenet_tcp_bind_generic_node(zebra_t)
-corenet_udp_bind_generic_node(zebra_t)
-
-corenet_sendrecv_bgp_server_packets(zebra_t)
-corenet_tcp_bind_bgp_port(zebra_t)
-corenet_sendrecv_bgp_client_packets(zebra_t)
-corenet_tcp_connect_bgp_port(zebra_t)
-corenet_tcp_sendrecv_bgp_port(zebra_t)
-
-corenet_sendrecv_zebra_server_packets(zebra_t)
-corenet_tcp_bind_zebra_port(zebra_t)
-corenet_tcp_sendrecv_zebra_port(zebra_t)
-
-corenet_sendrecv_router_server_packets(zebra_t)
-corenet_udp_bind_router_port(zebra_t)
-corenet_udp_sendrecv_router_port(zebra_t)
-
-dev_associate_usbfs(zebra_var_run_t)
-dev_list_all_dev_nodes(zebra_t)
-dev_read_sysfs(zebra_t)
-dev_rw_zero(zebra_t)
-
-domain_use_interactive_fds(zebra_t)
-
-files_read_etc_files(zebra_t)
-files_read_etc_runtime_files(zebra_t)
-
-fs_getattr_all_fs(zebra_t)
-fs_search_auto_mountpoints(zebra_t)
-
-term_list_ptys(zebra_t)
-
-logging_send_syslog_msg(zebra_t)
-
-miscfiles_read_localization(zebra_t)
-
-sysnet_read_config(zebra_t)
-
-userdom_dontaudit_use_unpriv_user_fds(zebra_t)
-userdom_dontaudit_search_user_home_dirs(zebra_t)
-
-tunable_policy(`allow_zebra_write_config',`
- manage_files_pattern(zebra_t, zebra_conf_t, zebra_conf_t)
-')
-
-optional_policy(`
- nis_use_ypbind(zebra_t)
-')
-
-optional_policy(`
- rpm_read_pipes(zebra_t)
-')
-
-optional_policy(`
- seutil_sigchld_newrole(zebra_t)
-')
-
-optional_policy(`
- udev_read_db(zebra_t)
-')