Using SELinux on an ICE-Linux CMS

ManualsBrandsHP ManualsSoftwareHP Insight Control for Linux Media Kit

#============= bluetooth_t ==============

allow bluetooth_t device_t:sock_file write;

allow bluetooth_t initrc_t:unix_dgram_socket sendto;

#============= dhcpc_t ==============

allow dhcpc_t device_t:sock_file write;

allow dhcpc_t initrc_t:unix_dgram_socket sendto;

#============= fsdaemon_t ==============

allow fsdaemon_t device_t:sock_file write;

allow fsdaemon_t initrc_t:unix_dgram_socket sendto;

#============= gpm_t ==============

allow gpm_t device_t:sock_file write;

allow gpm_t initrc_t:unix_dgram_socket sendto;

#============= httpd_t ==============

allow httpd_t default_t:dir search;

allow httpd_t default_t:file { read lock ioctl getattr };

allow httpd_t usr_t:file { execute execute_no_trans };

#============= klogd_t ==============

allow klogd_t crond_t:fifo_file read;

allow klogd_t device_t:sock_file write;

allow klogd_t initrc_t:unix_dgram_socket sendto;

allow klogd_t unconfined_t:unix_stream_socket { read write };

allow klogd_t var_log_t:file append;

#============= mdadm_t ==============

allow mdadm_t initrc_t:tcp_socket { read write };

allow mdadm_t initrc_t:unix_stream_socket { read write };

#============= pcscd_t ==============

allow pcscd_t device_t:sock_file write;

allow pcscd_t initrc_t:unix_dgram_socket sendto;

#============= restorecond_t ==============

allow restorecond_t device_t:sock_file write;

allow restorecond_t initrc_t:unix_dgram_socket sendto;

#============= rpcd_t ==============

allow rpcd_t device_t:sock_file write;

allow rpcd_t initrc_t:unix_dgram_socket sendto;

#============= rsync_t ==============

allow rsync_t bin_t:dir { read getattr search };

allow rsync_t bin_t:file { read getattr };

allow rsync_t device_t:sock_file write;

allow rsync_t initrc_t:unix_dgram_socket sendto;

allow rsync_t usr_t:file { read getattr };

allow rsync_t var_lib_t:dir { read search getattr };

allow rsync_t var_lib_t:file { read getattr };

#============= semanage_t ==============

allow semanage_t device_t:sock_file write;

allow semanage_t initrc_t:unix_dgram_socket sendto;

#============= setrans_t ==============

allow setrans_t device_t:sock_file write;

allow setrans_t initrc_t:unix_dgram_socket sendto;