policy_module(clogd, 1.5.0) ######################################## # # Declarations # type clogd_t; type clogd_exec_t; init_daemon_domain(clogd_t, clogd_exec_t) type clogd_runtime_t alias clogd_var_run_t; files_runtime_file(clogd_runtime_t) type clogd_tmpfs_t; files_tmpfs_file(clogd_tmpfs_t) ######################################## # # Local policy # allow clogd_t self:capability { mknod net_admin }; allow clogd_t self:process signal; allow clogd_t self:sem create_sem_perms; allow clogd_t self:shm create_shm_perms; allow clogd_t self:netlink_socket create_socket_perms; manage_dirs_pattern(clogd_t, clogd_tmpfs_t, clogd_tmpfs_t) manage_files_pattern(clogd_t, clogd_tmpfs_t, clogd_tmpfs_t) fs_tmpfs_filetrans(clogd_t, clogd_tmpfs_t, { dir file }) manage_files_pattern(clogd_t, clogd_runtime_t, clogd_runtime_t) files_runtime_filetrans(clogd_t, clogd_runtime_t, file) dev_manage_generic_blk_files(clogd_t) dev_read_lvm_control(clogd_t) storage_raw_read_fixed_disk(clogd_t) storage_raw_write_fixed_disk(clogd_t) logging_send_syslog_msg(clogd_t) miscfiles_read_localization(clogd_t) optional_policy(` aisexec_stream_connect(clogd_t) corosync_stream_connect(clogd_t) ')