rpms / selinux-policy

Clone
Source Code
GIT

Files

  1.   9fe805d052c0ecaf4c8f545e6ca9463b6c8f0e14
  2.   policy
  3.   modules
  4.   services
  5.   bitlbee.te
Blob Blame History Raw 
policy_module(bitlbee, 1.3.0)

########################################
#
# Declarations
#

type bitlbee_t;
type bitlbee_exec_t;
init_daemon_domain(bitlbee_t, bitlbee_exec_t)
inetd_tcp_service_domain(bitlbee_t, bitlbee_exec_t)

type bitlbee_conf_t;
files_config_file(bitlbee_conf_t)

type bitlbee_initrc_exec_t;
init_script_file(bitlbee_initrc_exec_t)

type bitlbee_tmp_t;
files_tmp_file(bitlbee_tmp_t)

type bitlbee_var_t;
files_type(bitlbee_var_t)

########################################
#
# Local policy
#

allow bitlbee_t self:capability { setgid setuid };

allow bitlbee_t self:udp_socket create_socket_perms;
allow bitlbee_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
allow bitlbee_t self:unix_stream_socket create_stream_socket_perms;
allow bitlbee_t self:fifo_file rw_fifo_file_perms;
allow bitlbee_t self:process signal;

bitlbee_read_config(bitlbee_t)

# tmp files
manage_files_pattern(bitlbee_t, bitlbee_tmp_t, bitlbee_tmp_t)
files_tmp_filetrans(bitlbee_t, bitlbee_tmp_t, file)

# user account information is read and edited at runtime; give the usual
# r/w access to bitlbee_var_t
manage_files_pattern(bitlbee_t, bitlbee_var_t, bitlbee_var_t)
files_var_lib_filetrans(bitlbee_t, bitlbee_var_t, file)

kernel_read_system_state(bitlbee_t)

corenet_all_recvfrom_unlabeled(bitlbee_t)
corenet_udp_sendrecv_generic_if(bitlbee_t)
corenet_udp_sendrecv_generic_node(bitlbee_t)
corenet_tcp_sendrecv_generic_if(bitlbee_t)
corenet_tcp_sendrecv_generic_node(bitlbee_t)
# Allow bitlbee to connect to jabber servers
corenet_tcp_connect_jabber_client_port(bitlbee_t)
corenet_tcp_sendrecv_jabber_client_port(bitlbee_t)
# to AIM servers:
corenet_tcp_connect_aol_port(bitlbee_t)
corenet_tcp_sendrecv_aol_port(bitlbee_t)
# and to MMCC (Yahoo IM) servers:
corenet_tcp_connect_mmcc_port(bitlbee_t)
corenet_tcp_sendrecv_mmcc_port(bitlbee_t)
# and to MSNP (MSN Messenger) servers:
corenet_tcp_connect_msnp_port(bitlbee_t)
corenet_tcp_sendrecv_msnp_port(bitlbee_t)
# MSN can use passport auth, which is over http:
corenet_tcp_connect_http_port(bitlbee_t)
corenet_tcp_sendrecv_http_port(bitlbee_t)
corenet_tcp_connect_http_cache_port(bitlbee_t)
corenet_tcp_sendrecv_http_cache_port(bitlbee_t)

dev_read_rand(bitlbee_t)
dev_read_urand(bitlbee_t)

files_read_etc_files(bitlbee_t)
files_search_pids(bitlbee_t)
# grant read-only access to the user help files
files_read_usr_files(bitlbee_t)

libs_legacy_use_shared_libs(bitlbee_t)

auth_use_nsswitch(bitlbee_t)

logging_send_syslog_msg(bitlbee_t)

miscfiles_read_localization(bitlbee_t)

sysnet_dns_name_resolve(bitlbee_t)

optional_policy(`
	# normally started from inetd using tcpwrappers, so use those entry points
	tcpd_wrapped_domain(bitlbee_t, bitlbee_exec_t)
')
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.