diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2016-03-24 12:19:39 +0100 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2016-03-24 12:19:44 +0100 |
| commit | 3ba07bdf7da40b77f2709ac9628b9d0d20c846e7 (patch) | |
| tree | 30ffb304c5d0e6f9d3f465335aa63ddc6027b555 /contrib/rpm/bitcoin.te | |
| parent | e5c35119e967df94d8ac0d91959c07245d160ec5 (diff) | |
| parent | 0e4b50a48c72061f4bafe7f99f0b261a148b457b (diff) | |
| download | bitcoin-3ba07bdf7da40b77f2709ac9628b9d0d20c846e7.tar.xz | |
Merge #7609: All files related to my RPM spec file project in one commit
0e4b50a Description of RPM directory (Alice Wonder)
146746b All files related to my RPM spec file project in one commit (Alice Wonder)
Diffstat (limited to 'contrib/rpm/bitcoin.te')
| -rw-r--r-- | contrib/rpm/bitcoin.te | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/contrib/rpm/bitcoin.te b/contrib/rpm/bitcoin.te new file mode 100644 index 0000000000..d6231c591a --- /dev/null +++ b/contrib/rpm/bitcoin.te @@ -0,0 +1,81 @@ +policy_module(bitcoin, 1.100.1) + +######################################## +# +# Declarations +# + +type bitcoin_t; +type bitcoin_exec_t; +init_daemon_domain(bitcoin_t, bitcoin_exec_t) + +permissive bitcoin_t; + +type bitcoin_initrc_exec_t; +init_script_file(bitcoin_initrc_exec_t) + +type bitcoin_conf_t; +files_type(bitcoin_conf_t) + +type bitcoin_var_lib_t; +files_type(bitcoin_var_lib_t) + +type bitcoin_var_run_t; +files_type(bitcoin_var_run_t) + +type bitcoin_port_t; +corenet_port(bitcoin_port_t) + +######################################## +# +# bitcoin local policy +# +allow bitcoin_t self:process { fork }; + +allow bitcoin_t self:fifo_file rw_fifo_file_perms; +allow bitcoin_t self:unix_stream_socket create_stream_socket_perms; + +manage_dirs_pattern(bitcoin_t, bitcoin_conf_t, bitcoin_conf_t) +manage_files_pattern(bitcoin_t, bitcoin_conf_t, bitcoin_conf_t) + +manage_dirs_pattern(bitcoin_t, bitcoin_var_lib_t, bitcoin_var_lib_t) +manage_files_pattern(bitcoin_t, bitcoin_var_lib_t, bitcoin_var_lib_t) +files_var_lib_filetrans(bitcoin_t, bitcoin_var_lib_t, { dir file }) + +manage_dirs_pattern(bitcoin_t, bitcoin_var_run_t, bitcoin_var_run_t) +manage_files_pattern(bitcoin_t, bitcoin_var_run_t, bitcoin_var_run_t) + +sysnet_dns_name_resolve(bitcoin_t) +corenet_all_recvfrom_unlabeled(bitcoin_t) + +allow bitcoin_t self:tcp_socket create_stream_socket_perms; +corenet_tcp_sendrecv_generic_if(bitcoin_t) +corenet_tcp_sendrecv_generic_node(bitcoin_t) +corenet_tcp_sendrecv_all_ports(bitcoin_t) +corenet_tcp_bind_generic_node(bitcoin_t) + +gen_require(` + type bitcoin_port_t; +') +allow bitcoin_t bitcoin_port_t:tcp_socket name_bind; + +gen_require(` + type bitcoin_port_t; +') +allow bitcoin_t bitcoin_port_t:tcp_socket name_connect; + +domain_use_interactive_fds(bitcoin_t) + +files_read_etc_files(bitcoin_t) + +miscfiles_read_localization(bitcoin_t) + +sysnet_dns_name_resolve(bitcoin_t) + +allow bitcoin_t bitcoin_exec_t:file execute_no_trans; +allow bitcoin_t self:process setsched; +corecmd_exec_ls(bitcoin_t) +corenet_tcp_connect_http_port(bitcoin_t) +dev_read_urand(bitcoin_t) +fs_getattr_xattr_fs(bitcoin_t) +kernel_read_system_state(bitcoin_t) |