diff --git a/misc/selinux/cfengine-enterprise.te.all b/misc/selinux/cfengine-enterprise.te.all
index a00d669a1d..63f42a98a7 100644
--- a/misc/selinux/cfengine-enterprise.te.all
+++ b/misc/selinux/cfengine-enterprise.te.all
@@ -93,87 +93,7 @@ require {
 type rpm_script_t;
 type fsadm_exec_t;
 type lvm_exec_t;
- class lockdown { confidentiality integrity };
- class tcp_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown name_connect accept listen name_bind node_bind };
- class mctp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
- class udp_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown node_bind };
- class sock_file { create write getattr setattr unlink };
- class rawip_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class packet_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class unix_stream_socket { create ioctl read getattr lock write setattr append bind connect connectto getopt setopt shutdown };
- class unix_dgram_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown sendto };
- class appletalk_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_route_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown nlmsg_read getopt };
- class netlink_firewall_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_tcpdiag_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_nflog_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_xfrm_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_selinux_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_audit_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_ip6fw_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_dnrt_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_kobject_uevent_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class tun_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_iscsi_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_fib_lookup_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_connector_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_netfilter_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_generic_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_scsitransport_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_rdma_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netlink_crypto_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class sctp_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class icmp_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class ax25_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class ipx_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class netrom_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class atmpvc_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class x25_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class xdp_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class rose_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class decnet_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class atmsvc_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class rds_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class irda_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class pppox_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class llc_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class can_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class tipc_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class bluetooth_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class iucv_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class rxrpc_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class isdn_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class phonet_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class ieee802154_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class caif_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class alg_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class nfc_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class vsock_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class kcm_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class qipcrtr_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class smc_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class bridge_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class dccp_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class ib_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class mpls_socket { create ioctl read getattr lock write setattr append bind connect getopt setopt shutdown };
- class process { setrlimit transition dyntransition execstack execheap execmem signull siginh getattr sigchld };
- class fd use;
- class file { execute execute_no_trans getattr ioctl map open read unlink write entrypoint lock link rename append setattr create relabelfrom relabelto watch watch_reads };
- class fifo_file { create open getattr setattr read write append rename link unlink ioctl lock relabelfrom relabelto };
- class dir { getattr read search open write add_name remove_name lock ioctl create setattr rmdir };
- class filesystem getattr;
- class lnk_file { create getattr read unlink };
- class capability { dac_read_search sys_module chown dac_read_search dac_override fowner fsetid sys_admin mknod net_raw net_admin sys_nice sys_rawio sys_resource setuid setgid sys_nice sys_ptrace kill net_bind_service };
- class cap_userns sys_ptrace;
- class capability2 { mac_admin mac_override block_suspend syslog wake_alarm };
- class association { sendto recvfrom setcontext polmatch };
- class security setsecparam;
- class service { start stop status reload enable disable };
- class system { module_request };
- class memprotect mmap_zero;
- class peer recv;
- class chr_file { getattr };
+ all_kernel_class_perms
 }
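Review bot: The added `all_kernel_class_perms` line replaces the only place where this module's class and permission surface was spelled out, and nothing on the new side documents what it now stands for. A `require` block declares symbols and grants nothing, but with the explicit list an `allow` rule using a new class or permission would not compile until the list was extended, which made privilege growth visible in review; after this change any kernel class permission can appear in a rule without touching this block. I would add a comment directly above the macro, for example `# declares every kernel class and permission; grants nothing, audit the allow rules for what is actually permitted`. The macro presumably comes from the reference-policy support macros and is expanded by m4 at build time, so it is worth confirming that the module is built against each target's policy headers, since a module built on one host may require classes that another host's loaded policy does not define. The `require` block opens above this hunk, so its earlier declarations are not visible here.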