selinux-refpolicy/policy/modules/admin/dmesg.te
2007-12-14 14:23:18 +00:00

63 lines
1.2 KiB
Plaintext

policy_module(dmesg,1.1.0)
########################################
#
# Declarations
#
type dmesg_t;
type dmesg_exec_t;
init_system_domain(dmesg_t,dmesg_exec_t)
########################################
#
# Local policy
#
allow dmesg_t self:capability sys_admin;
dontaudit dmesg_t self:capability sys_tty_config;
allow dmesg_t self:process signal_perms;
kernel_read_kernel_sysctls(dmesg_t)
kernel_read_ring_buffer(dmesg_t)
kernel_clear_ring_buffer(dmesg_t)
kernel_change_ring_buffer_level(dmesg_t)
kernel_list_proc(dmesg_t)
kernel_read_proc_symlinks(dmesg_t)
dev_read_sysfs(dmesg_t)
fs_search_auto_mountpoints(dmesg_t)
term_dontaudit_use_console(dmesg_t)
domain_use_interactive_fds(dmesg_t)
files_list_etc(dmesg_t)
# for when /usr is not mounted:
files_dontaudit_search_isid_type_dirs(dmesg_t)
init_use_fds(dmesg_t)
init_use_script_ptys(dmesg_t)
libs_use_ld_so(dmesg_t)
libs_use_shared_libs(dmesg_t)
logging_send_syslog_msg(dmesg_t)
logging_write_generic_logs(dmesg_t)
miscfiles_read_localization(dmesg_t)
userdom_use_sysadm_terms(dmesg_t)
userdom_dontaudit_use_unpriv_user_fds(dmesg_t)
optional_policy(`
seutil_sigchld_newrole(dmesg_t)
')
optional_policy(`
udev_read_db(dmesg_t)
')