1 files changed, 36 insertions, 0 deletions

diff --git a/SELinux/qarshd.te.in b/SELinux/qarshd.te.in
new file mode 100644
index 0000000..7936140
--- /dev/null
+++ b/SELinux/qarshd.te.in
@@ -0,0 +1,36 @@
+
+policy_module(qarshd, 1.0.0.22);
+
+require {
+    type unconfined_t;
+}
+
+type qarshd_t;
+type qarshd_exec_t;
+
+# --------------- QARSHD part ------------------
+
+# we define new domain, assign common attributes
+domain_type(qarshd_t);
+
+# we don't want qarshd domain to be confined in any
+# way as qarshd must be able to do all as root
+unconfined_domain(qarshd_t);
+
+# define qarshd as (x)inetd service with it's own domain
+inetd_tcp_service_domain(qarshd_t,qarshd_exec_t);
+
+# whenever we run anything with qarshd_exec_t type
+# we want to end up in qarshd_t domain. This will be
+# useful when starting daemons manually from shell
+domain_auto_trans(unconfined_t, qarshd_exec_t, qarshd_t);
+
+# allow any transition from qarshd_t
+allow qarshd_t domain:process { transition };
+
+# allow any domain to write to qarshd_t sockets
+allow domain qarshd_t:tcp_socket { write read };
+
+# allow any domain to signal to qarshd_t process
+allow domain qarshd_t:process { sigchld };
+