blob: e67434ca735c2c3e7c35f9bafd657ff880161029 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
--- services/haveged.te 1970-01-01 01:00:00.000000000 +0100
+++ services/haveged.te 2011-07-17 19:54:35.947000888 +0200
@@ -0,0 +1,35 @@
+policy_module(haveged, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type haveged_t;
+type haveged_exec_t;
+init_daemon_domain(haveged_t, haveged_exec_t)
+
+type haveged_var_run_t;
+files_pid_file(haveged_var_run_t)
+
+########################################
+#
+# haveged local policy
+#
+allow haveged_t self:capability sys_admin;
+allow haveged_t self:unix_dgram_socket create_socket_perms;
+allow haveged_t haveged_var_run_t:file manage_file_perms;
+
+# pid file
+files_pid_filetrans(haveged_t, haveged_var_run_t, file)
+
+## Kernel stuff
+kernel_rw_kernel_sysctl(haveged_t)
+dev_read_rand(haveged_t)
+dev_write_rand(haveged_t)
+
+## System stuff
+miscfiles_read_localization(haveged_t)
+
+## Other stuff
+logging_send_syslog_msg(haveged_t)
--- services/haveged.fc 1970-01-01 01:00:00.000000000 +0100
+++ services/haveged.fc 2011-07-17 17:55:56.431000683 +0200
@@ -0,0 +1 @@
+/usr/sbin/haveged -- gen_context(system_u:object_r:haveged_exec_t,s0)
|
GitWeb
