selinux-refpolicy/mls/domains/program/dmesg.te

30 lines
802 B
Plaintext

#DESC dmesg - control kernel ring buffer
#
# Author: Dan Walsh dwalsh@redhat.com
#
# X-Debian-Packages: util-linux
#################################
#
# Rules for the dmesg_t domain.
#
# dmesg_exec_t is the type of the dmesg executable.
#
# while sysadm_t has the sys_admin capability there is no point in using
# dmesg_t when run from sysadm_t, so we use nosysadm.
#
daemon_base_domain(dmesg, , `nosysadm')
#
# Rules used for dmesg
#
allow dmesg_t self:capability sys_admin;
allow dmesg_t kernel_t:system { syslog_read syslog_console syslog_mod };
allow dmesg_t admin_tty_type:chr_file { getattr read write };
allow dmesg_t sysadm_tty_device_t:chr_file ioctl;
allow dmesg_t var_log_t:file { getattr write };
read_locale(dmesg_t)
# for when /usr is not mounted
dontaudit dmesg_t file_t:dir search;