/[gentoo-projects]/selinux/distcc/distcc.te
Gentoo

Contents of /selinux/distcc/distcc.te

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.10 - (show annotations) (download)
Sun Nov 14 18:05:23 2004 UTC (10 years, 5 months ago) by pebenito
Branch: MAIN
CVS Tags: HEAD
Changes since 1.9: +0 -1 lines
unreverse

1 #DESC distcc - Distributed compiler daemon
2 #
3 # Author: Chris PeBenito <pebenito@gentoo.org>
4 #
5
6 daemon_domain(distccd)
7 can_network(distccd_t)
8 can_ypbind(distccd_t)
9 log_domain(distccd)
10 tmp_domain(distccd)
11
12 type distccd_port_t, port_type;
13 allow distccd_t distccd_port_t:tcp_socket name_bind;
14 allow distccd_t self:capability { setgid setuid };
15
16 # distccd can renice
17 allow distccd_t self:process setsched;
18
19 # compiler stuff
20 allow distccd_t { bin_t sbin_t }:dir { search getattr };
21 allow distccd_t { bin_t sbin_t }:lnk_file { getattr read };
22 can_exec(distccd_t,bin_t)
23 can_exec(distccd_t,lib_t)
24
25 # comm stuff
26 allow distccd_t net_conf_t:file r_file_perms;
27 allow distccd_t self:{ unix_stream_socket unix_dgram_socket } { create connect read write };
28 allow distccd_t self:fifo_file { read write getattr };
29
30 # config access
31 allow distccd_t { etc_t etc_runtime_t }:file r_file_perms;
32 allow distccd_t proc_t:file r_file_perms;
33
34 allow distccd_t var_t:dir search;

  ViewVC Help
Powered by ViewVC 1.1.20