nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1cbe455a5e
selinux-refpolicy/policy/modules/services/irqbalance.te
Russell Coker 8e633b70dd remove aliases from 20210203 
This patch against version 20220106 removes the typealias rules that were in
version 20210203.  If we include this now then the typealias rules in
question will have been there for 3 consecutive releases.  But if you think
we should wait until after the next release that's OK.

It's obvious that this patch should be included sooner or later, I think now
is a reasonable time.

Signed-off-by: Russell Coker <russell@coker.com.au>
2022-02-16 06:54:26 -05:00

59 lines
1.5 KiB
Plaintext
Raw Blame History

policy_module(irqbalance)
########################################
#
# Declarations
#
type irqbalance_t;
type irqbalance_exec_t;
init_daemon_domain(irqbalance_t, irqbalance_exec_t)
type irqbalance_initrc_exec_t;
init_script_file(irqbalance_initrc_exec_t)
type irqbalance_pid_t;
files_runtime_file(irqbalance_pid_t)
type irqbalance_unit_t;
init_unit_file(irqbalance_unit_t)
########################################
#
# Local policy
#
allow irqbalance_t self:capability { setpcap };
dontaudit irqbalance_t self:capability sys_tty_config;
allow irqbalance_t self:process { getcap getsched setcap signal_perms };
allow irqbalance_t self:udp_socket create_socket_perms;
allow irqbalance_t self:unix_stream_socket create_stream_socket_perms;
manage_files_pattern(irqbalance_t, irqbalance_pid_t, irqbalance_pid_t)
manage_sock_files_pattern(irqbalance_t, irqbalance_pid_t, irqbalance_pid_t)
files_runtime_filetrans(irqbalance_t, irqbalance_pid_t, { file sock_file })
kernel_read_network_state(irqbalance_t)
kernel_read_system_state(irqbalance_t)
kernel_read_kernel_sysctls(irqbalance_t)
kernel_rw_irq_sysctls(irqbalance_t)
dev_read_sysfs(irqbalance_t)
files_read_etc_files(irqbalance_t)
files_read_etc_runtime_files(irqbalance_t)
fs_getattr_all_fs(irqbalance_t)
fs_search_auto_mountpoints(irqbalance_t)
fs_search_tmpfs(irqbalance_t)
domain_use_interactive_fds(irqbalance_t)
logging_send_syslog_msg(irqbalance_t)
miscfiles_read_localization(irqbalance_t)
userdom_dontaudit_use_unpriv_user_fds(irqbalance_t)
userdom_dontaudit_search_user_home_dirs(irqbalance_t)
Reference in New Issue View Git Blame Copy Permalink