d25433c6c5
- Update fix_networkmanager.patch to ensure the NetworkManager chrony dispatcher is properly labeled, and update fix_chronyd.patch to ensure the chrony helper script has the proper label to be used by NetworkManager (bsc#1203824) >>>>>>> ./selinux-policy.changes.new - Revamped rtorrent module OBS-URL: https://build.opensuse.org/request/show/1006965 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=147
## <summary>policy for rtorrent</summary>
########################################
## <summary>
##	Execute rtorrent_exec_t in the rtorrent domain.
## </summary>
## <desc>
##	<p>
##	Lets the calling domain search the bin directories and
##	execute files labeled rtorrent_exec_t, with the new process
##	transitioning to rtorrent_t instead of staying in the
##	calling domain.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`rtorrent_domtrans',`
	gen_require(`
		type rtorrent_t;
		type rtorrent_exec_t;
	')

	# Caller may search the bin directories.
	corecmd_search_bin($1)

	# Execute rtorrent_exec_t with a transition into rtorrent_t.
	domtrans_pattern($1, rtorrent_exec_t, rtorrent_t)
')
########################################
## <summary>
##	Execute rtorrent in the caller domain.
## </summary>
## <desc>
##	<p>
##	No domain transition takes place: the rtorrent process
##	keeps the domain of the caller and is therefore not
##	confined by rtorrent_t. Use rtorrent_domtrans or
##	rtorrent_run where the rtorrent domain is wanted.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rtorrent_exec',`
	gen_require(`
		type rtorrent_exec_t;
	')

	# Caller may search the bin directories.
	corecmd_search_bin($1)

	# Execute only; the process stays in the calling domain.
	can_exec($1, rtorrent_exec_t)
')
########################################
## <summary>
##	Execute rtorrent in the rtorrent domain, and
##	allow the specified role the rtorrent domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the rtorrent domain.
##	</summary>
## </param>
#
interface(`rtorrent_run',`
	# NOTE(review): rtorrent_t is required here but not referenced
	# in the body below; only rtorrent_roles is used directly.
	gen_require(`
		attribute_role rtorrent_roles;
		type rtorrent_t;
	')

	# Domain side: $1 may execute rtorrent with a transition.
	rtorrent_domtrans($1)

	# Role side: $2 joins rtorrent_roles. What that attribute is
	# granted is defined outside this file - confirm in the module.
	roleattribute $2 rtorrent_roles;
')
########################################
## <summary>
##	Role access for rtorrent.
## </summary>
## <desc>
##	<p>
##	Adds the role to rtorrent_roles and lets the user domain
##	transition to rtorrent_t, view rtorrent_t processes, and
##	send them the signull, signal and sigkill permissions.
##	No other process permissions (for example sigstop) are
##	granted by this interface.
##	</p>
## </desc>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role.
##	</summary>
## </param>
#
interface(`rtorrent_role',`
	gen_require(`
		attribute_role rtorrent_roles;
		type rtorrent_t;
	')

	# Note the argument order: role first, user domain second.
	roleattribute $1 rtorrent_roles;

	# The user domain may start rtorrent in its own domain.
	rtorrent_domtrans($2)

	# Process management of rtorrent_t from the user domain:
	# visibility through ps, plus a fixed set of signal permissions.
	ps_process_pattern($2, rtorrent_t)
	allow $2 rtorrent_t:process { signull signal sigkill };
')