Using SELinux on an ICE-Linux CMS

Appendix C: Sample local.te File
# Local policy module "local", version 1.0.
# The require block names every type, object class and permission that the
# allow rules of this module refer to. Listing a type or permission here
# grants nothing by itself; access is granted only by the allow rules.
module local 1.0;
require {
# Types referenced by the rules of this module (source domains and targets).
type unconfined_t;
type semanage_t;
type setrans_t;
type usr_t;
type default_t;
type automount_t;
type initrc_t;
type mdadm_t;
type var_log_t;
type snmpd_t;
type bin_t;
type setroubleshootd_t;
type bluetooth_t;
type restorecond_t;
type system_dbusd_t;
type dhcpc_t;
type rsync_t;
type pcscd_t;
type fsdaemon_t;
type auditd_t;
type rpcd_t;
type httpd_t;
type var_lib_t;
type klogd_t;
type inetd_t;
type device_t;
type crond_t;
type gpm_t;
type system_mail_t;
type tftpd_t;
type avahi_t;
# Object classes and the permissions on them that the rules may use.
class fifo_file read;
class process sigchld;
class unix_stream_socket { read write };
class tcp_socket { read write };
# NOTE(review): execute and execute_no_trans are declared for class file.
# When auditing this module, check each rule that uses them: execute_no_trans
# lets the source domain run the target file without a domain transition,
# so the program keeps the caller's privileges.
class file { getattr execute append read lock ioctl
execute_no_trans };
class sock_file write;
class unix_dgram_socket sendto;
class dir { search read getattr };
}
# Each domain below receives the same pair of rules: write to a sock_file
# labeled device_t, and sendto a unix_dgram_socket owned by an initrc_t process.
# NOTE(review): this pattern looks like audit2allow output for syslog traffic
# on a system where /dev/log carries the generic device_t label and the syslog
# daemon runs as initrc_t -- confirm with `ls -Z /dev/log` and `ps -eZ`.
# If that is the cause, correcting the labels (socket as devlog_t, daemon in
# syslogd_t) is the narrower fix: as written, each rule covers every device_t
# socket file and every initrc_t process, not only the system logger.
#============= auditd_t ==============
allow auditd_t device_t:sock_file write;
allow auditd_t initrc_t:unix_dgram_socket sendto;
#============= automount_t ==============
allow automount_t device_t:sock_file write;
allow automount_t initrc_t:unix_dgram_socket sendto;
#============= avahi_t ==============
allow avahi_t device_t:sock_file write;
allow avahi_t initrc_t:unix_dgram_socket sendto;