selinux-refpolicy/policy/modules/services/setroubleshoot.if

42 lines
1016 B
Plaintext

## <summary>SELinux troubleshooting service</summary>
########################################
## <summary>
## Connect to setroubleshootd over an unix stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`setroubleshoot_stream_connect',`
gen_require(`
type setroubleshootd_t, setroubleshoot_var_run_t;
')
files_search_pids($1)
allow $1 setroubleshoot_var_run_t:sock_file write;
allow $1 setroubleshootd_t:unix_stream_socket connectto;
')
########################################
## <summary>
## Dontaudit attempts to connect to setroubleshootd
## over an unix stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`setroubleshoot_dontaudit_stream_connect',`
gen_require(`
type setroubleshootd_t, setroubleshoot_var_run_t;
')
dontaudit $1 setroubleshoot_var_run_t:sock_file write;
dontaudit $1 setroubleshootd_t:unix_stream_socket connectto;
')