Diffstat (limited to 'SELinux/qarshd.te.in')
-rw-r--r-- | SELinux/qarshd.te.in | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/SELinux/qarshd.te.in b/SELinux/qarshd.te.in
new file mode 100644
index 0000000..7936140
--- /dev/null
+++ b/SELinux/qarshd.te.in
@@ -0,0 +1,36 @@
+
+policy_module(qarshd, 1.0.0.22);
+
+require {
+ type unconfined_t;
+}
+
+type qarshd_t;
+type qarshd_exec_t;
+
+# --------------- QARSHD part ------------------
+
+# we define new domain, assign common attributes
+domain_type(qarshd_t);
+
+# we don't want qarshd domain to be confined in any
+# way as qarshd must be able to do all as root
+unconfined_domain(qarshd_t);
+
+# define qarshd as (x)inetd service with it's own domain
+inetd_tcp_service_domain(qarshd_t,qarshd_exec_t);
+
+# whenever we run anything with qarshd_exec_t type
+# we want to end up in qarshd_t domain. This will be
+# useful when starting daemons manually from shell
+domain_auto_trans(unconfined_t, qarshd_exec_t, qarshd_t);
+
+# allow any transition from qarshd_t
+allow qarshd_t domain:process { transition };
+
+# allow any domain to write to qarshd_t sockets
+allow domain qarshd_t:tcp_socket { write read };
+
+# allow any domain to signal to qarshd_t process
+allow domain qarshd_t:process { sigchld };
+
|
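Review bot: The rule `allow domain qarshd_t:tcp_socket { write read };` grants socket access to every domain on the system, confined ones included, and its comment mentions only write while the rule also grants read. If the intent is that commands started by qarshd keep using the inherited connection, say so above the rule, e.g. `# children started by qarshd inherit its TCP connection as stdio, whatever domain they end up in`. Together with `unconfined_domain(qarshd_t)` on an inetd TCP service, this makes the module suitable only for test hosts; a header comment stating that would keep it from being loaded on production systems by mistake.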