selinux-refpolicy/policy/modules/services/denyhosts.te

72 lines
2.0 KiB
Plaintext

policy_module(denyhosts, 1.4.0)
########################################
#
# Declarations
#
type denyhosts_t;
type denyhosts_exec_t;
init_daemon_domain(denyhosts_t, denyhosts_exec_t)
type denyhosts_initrc_exec_t;
init_script_file(denyhosts_initrc_exec_t)
type denyhosts_var_lib_t;
files_type(denyhosts_var_lib_t)
type denyhosts_var_lock_t;
files_lock_file(denyhosts_var_lock_t)
type denyhosts_var_log_t;
logging_log_file(denyhosts_var_log_t)
########################################
#
# Local policy
#
allow denyhosts_t self:capability sys_tty_config;
allow denyhosts_t self:fifo_file rw_fifo_file_perms;
allow denyhosts_t self:netlink_route_socket nlmsg_write;
manage_files_pattern(denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lib_t)
manage_dirs_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
manage_files_pattern(denyhosts_t, denyhosts_var_lock_t, denyhosts_var_lock_t)
files_lock_filetrans(denyhosts_t, denyhosts_var_lock_t, { dir file })
append_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
create_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
read_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
setattr_files_pattern(denyhosts_t, denyhosts_var_log_t, denyhosts_var_log_t)
logging_log_filetrans(denyhosts_t, denyhosts_var_log_t, file)
kernel_read_network_state(denyhosts_t)
kernel_read_system_state(denyhosts_t)
corecmd_exec_bin(denyhosts_t)
corecmd_exec_shell(denyhosts_t)
corenet_all_recvfrom_netlabel(denyhosts_t)
corenet_tcp_sendrecv_generic_if(denyhosts_t)
corenet_tcp_sendrecv_generic_node(denyhosts_t)
corenet_sendrecv_smtp_client_packets(denyhosts_t)
corenet_tcp_connect_smtp_port(denyhosts_t)
dev_read_urand(denyhosts_t)
logging_read_generic_logs(denyhosts_t)
logging_send_syslog_msg(denyhosts_t)
miscfiles_read_localization(denyhosts_t)
sysnet_dns_name_resolve(denyhosts_t)
sysnet_manage_config(denyhosts_t)
sysnet_etc_filetrans_config(denyhosts_t)
optional_policy(`
cron_system_entry(denyhosts_t, denyhosts_exec_t)
')