Home Explore Help
Sign In
Mirror
/
ptunnel-ng
mirror of https://github.com/lnslbrty/ptunnel-ng
3
0
Fork 0
Files Issues 0 Wiki
Tree: 9922993eb2
Branches Tags
ptunnel-ng
/
selinux
/
ptunnel-ng.te

ptunnel-ng.te 2.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. 

  2. module ptunnel-ng 1.0;
    3. 

  3. 

  4. require {
    5. 

  5. 	type local_login_t;
    6. 

  6. 	type file_context_t;
    7. 

  7. 	type unconfined_t;
    8. 

  8. 	type lvm_t;
    9. 

  9. 	type bin_t;
    10. 

  10. 	type gpmctl_t;
    11. 

  11. 	type tracefs_t;
    12. 

  12. 	type dpkg_script_t;
    13. 

  13. 	type xconsole_device_t;
    14. 

  14. 	type modules_object_t;
    15. 

  15. 	type initrc_var_run_t;
    16. 

  16. 	type var_run_t;
    17. 

  17. 	type debugfs_t;
    18. 

  18. 	type udev_var_run_t;
    19. 

  19. 	type bootloader_t;
    20. 

  20. 	type tmp_t;
    21. 

  21. 	type fsadm_run_t;
    22. 

  22. 	class file { create execmod execute execute_no_trans getattr link open read rename setattr unlink write };
    23. 

  23. 	class capability sys_module;
    24. 

  24. 	class dir { add_name getattr remove_name search write };
    25. 

  25. 	class fifo_file getattr;
    26. 

  26. 	class sock_file getattr;
    27. 

  27. 	class system module_load;
    28. 

  28. }
    29. 

  29. 

  30. #============= bootloader_t ==============
    31. 

  31. allow bootloader_t debugfs_t:dir search;
    32. 

  32. allow bootloader_t file_context_t:dir search;
    33. 

  33. allow bootloader_t file_context_t:file { getattr open read };
    34. 

  34. allow bootloader_t fsadm_run_t:dir { add_name getattr remove_name write };
    35. 

  35. allow bootloader_t fsadm_run_t:file { create getattr link open read rename setattr unlink write };
    36. 

  36. allow bootloader_t gpmctl_t:sock_file getattr;
    37. 

  37. allow bootloader_t modules_object_t:system module_load;
    38. 

  38. allow bootloader_t self:capability sys_module;
    39. 

  39. allow bootloader_t tmp_t:file { execute execute_no_trans getattr open read };
    40. 

  40. allow bootloader_t tracefs_t:dir search;
    41. 

  41. allow bootloader_t udev_var_run_t:file { getattr open read };
    42. 

  42. allow bootloader_t xconsole_device_t:fifo_file getattr;
    43. 

  43. 

  44. #============= dpkg_script_t ==============
    45. 

  45. 

  46. #!!!! This avc can be allowed using the boolean 'allow_execmod'
    47. 

  47. allow dpkg_script_t bin_t:file execmod;
    48. 

  48. 

  49. #============= local_login_t ==============
    50. 

  50. allow local_login_t initrc_var_run_t:file unlink;
    51. 

  51. allow local_login_t var_run_t:dir { add_name remove_name write };
    52. 

  52. allow local_login_t var_run_t:file { getattr open read rename unlink };
    53. 

  53. 

  54. #============= lvm_t ==============
    55. 

  55. allow lvm_t initrc_var_run_t:dir { add_name getattr write };
    56. 

  56. 

  57. #============= unconfined_t ==============
    58. 

  58. 

  59. #!!!! This avc can be allowed using the boolean 'allow_execmod'
    60. 

  60. allow unconfined_t bin_t:file execmod;
    61.