selinux-refpolicy/policy/modules/admin/acct.te

84 lines
1.6 KiB
Plaintext

policy_module(acct, 1.8.0)
########################################
#
# Declarations
#
type acct_t;
type acct_exec_t;
init_system_domain(acct_t, acct_exec_t)
type acct_initrc_exec_t;
init_script_file(acct_initrc_exec_t)
type acct_data_t;
logging_log_file(acct_data_t)
########################################
#
# Local Policy
#
allow acct_t self:capability { chown fsetid kill sys_pacct };
dontaudit acct_t self:capability sys_tty_config;
allow acct_t self:process signal_perms;
allow acct_t self:fifo_file rw_fifo_file_perms;
manage_files_pattern(acct_t, acct_data_t, acct_data_t)
manage_lnk_files_pattern(acct_t, acct_data_t, acct_data_t)
can_exec(acct_t, acct_exec_t)
kernel_list_proc(acct_t)
kernel_read_system_state(acct_t)
kernel_read_kernel_sysctls(acct_t)
corecmd_exec_bin(acct_t)
corecmd_exec_shell(acct_t)
dev_read_sysfs(acct_t)
dev_read_urand(acct_t)
domain_use_interactive_fds(acct_t)
fs_search_auto_mountpoints(acct_t)
fs_getattr_xattr_fs(acct_t)
term_dontaudit_use_console(acct_t)
term_dontaudit_use_generic_ptys(acct_t)
files_read_etc_runtime_files(acct_t)
files_list_usr(acct_t)
auth_use_nsswitch(acct_t)
init_use_fds(acct_t)
init_use_script_ptys(acct_t)
init_exec_script_files(acct_t)
logging_send_syslog_msg(acct_t)
miscfiles_read_localization(acct_t)
userdom_dontaudit_search_user_home_dirs(acct_t)
userdom_dontaudit_use_unpriv_user_fds(acct_t)
optional_policy(`
optional_policy(`
# for monthly cron job
auth_log_filetrans_login_records(acct_t)
auth_manage_login_records(acct_t)
')
cron_system_entry(acct_t, acct_exec_t)
')
optional_policy(`
seutil_sigchld_newrole(acct_t)
')
optional_policy(`
udev_read_db(acct_t)
')