; This is a dummy policy whose main aim is to be compatible with test.log
; Minimal MLS lattice: MLS is switched on, and exactly one sensitivity (s0)
; and one category (c0) are declared -- just enough for the level
; expressions used by the users and the initial SID context in this policy.
(mls true)

; The only sensitivity, with a one-element ordering.
(sensitivity s0)
(sensitivityorder (s0))

; The only category, with a one-element ordering.
(category c0)
(categoryorder (c0))

; c0 may be paired with s0, so a level of s0 with category c0 is valid.
(sensitivitycategory s0 (c0))
; Roles and SELinux users.
(role system_r)
(role unconfined_r)

; Every user below is authorised for exactly one role, defaults to level s0,
; and may range from s0 up to s0 with category c0.

; system_u -> system_r
(user system_u)
(userrole system_u system_r)
(userlevel system_u (s0))
(userrange system_u ((s0) (s0 (c0))))

; root -> system_r (root is not associated with unconfined_r here)
(user root)
(userrole root system_r)
(userlevel root (s0))
(userrange root ((s0) (s0 (c0))))

; unconfined_u -> unconfined_r
(user unconfined_u)
(userrole unconfined_u unconfined_r)
(userlevel unconfined_u (s0))
(userrange unconfined_u ((s0) (s0 (c0))))
; Domain (process) types, each declared next to the single role it is
; associated with. Seven domains belong to system_r; nsplugin_t is the only
; one associated with unconfined_r.
; NOTE(review): the names presumably mirror the source contexts of the AVC
; records in test.log -- confirm against that log before renaming or
; dropping any of them.

; Domains under system_r
(type automount_t)
(roletype system_r automount_t)

(type ftpd_t)
(roletype system_r ftpd_t)

(type httpd_t)
(roletype system_r httpd_t)

(type kernel_t)
(roletype system_r kernel_t)

(type postfix_local_t)
(roletype system_r postfix_local_t)

(type qemu_t)
(roletype system_r qemu_t)

(type smbd_t)
(roletype system_r smbd_t)

; Domain under unconfined_r
(type nsplugin_t)
(roletype unconfined_r nsplugin_t)
; File (object) types. They are declared by name only: in the policy as
; shown, none of them has a role association or a file-context statement,
; and default_t is the only one that appears in an access rule (the single
; allow rule at the end of the file).
; NOTE(review): presumably these are the target types of the AVC records in
; test.log -- confirm before changing the list.
(type automount_lock_t)
(type default_t)
(type fixed_disk_device_t)
(type home_root_t)

(type httpd_sys_content_t)
(type httpd_sys_script_exec_t)

(type mail_spool_t)
(type ssh_home_t)
(type usr_t)
(type var_t)
; Port types. Only the type names are declared; the policy as shown has no
; portcon statement tying either of them to a port number or protocol.
(type mysqld_port_t)
(type reserved_port_t)
; Initial SIDs: exactly one, `kernel`, which is also the whole SID ordering.
(sid kernel)
(sidorder (kernel))

; Context of the kernel SID: user system_u, role system_r, type kernel_t,
; with a level range whose low and high ends are both s0 (no categories).
(sidcontext kernel
    (system_u system_r kernel_t ((s0) (s0))))
; Object classes, listed here in the same sequence as the classorder
; statement below. Each permission list is kept exactly as written.
; NOTE(review): these lists are much shorter than what a full system policy
; declares for the same classes; presumably they cover only the permissions
; that occur in test.log -- confirm before relying on them elsewhere.
(class blk_file (getattr open read write))
(class file (execute execute_no_trans getattr open read write))
(class dir (append open search))
(class tcp_socket (ioctl name_bind name_connect))

; Explicit class ordering for the four classes above.
(classorder (blk_file file dir tcp_socket))
; The policy compiler needs at least one rule, so a single allow rule is
; supplied: kernel_t may open, read and write objects of class `file`
; labelled default_t.
; This is the only allow rule in the policy as shown, so every other
; source/target/class/permission combination is left un-allowed.
; NOTE(review): that appears to be the point of the fixture (a policy under
; which the accesses in test.log are not granted) -- confirm with the tests
; before adding or widening rules here.
(allow kernel_t default_t
    (file (open read write)))