git://git.camperquake.de / selinux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b73dae2)
Add rtorrent
authorRalf Ertzinger <ralf@skytale.net>
Sat, 16 Mar 2019 20:10:17 +0000 (20:10 +0000)
committerRalf Ertzinger <ralf@skytale.net>
Sat, 16 Mar 2019 20:10:17 +0000 (20:10 +0000)
rtorrent/rtorrent.fc [new file with mode: 0644] patch | blob
rtorrent/rtorrent.if [new symlink] patch | blob
rtorrent/rtorrent.te [new file with mode: 0644] patch | blob

diff --git a/rtorrent/rtorrent.fc b/rtorrent/rtorrent.fc
new file mode 100644 (file)
index 0000000..b6a7646
--- /dev/null
+++ b/rtorrent/rtorrent.fc
@@ -0,0 +1,3 @@
+/usr/bin/rtorrent                            -- gen_context(system_u:object_r:rtorrent_exec_t,s0)
+/opt/rtorrent/data(/.*)?                        gen_context(system_u:object_r:rtorrent_rw_t,s0)
+/opt/rtorrent/.rtorrent.rc                      gen_context(system_u:object_r:rtorrent_ro_t,s0)
diff --git a/rtorrent/rtorrent.if b/rtorrent/rtorrent.if
new file mode 120000 (symlink)
index 0000000..196caaa
--- /dev/null
+++ b/rtorrent/rtorrent.if
@@ -0,0 +1 @@
+../include/_sky_.if
\ No newline at end of file
diff --git a/rtorrent/rtorrent.te b/rtorrent/rtorrent.te
new file mode 100644 (file)
index 0000000..c912c2c
--- /dev/null
+++ b/rtorrent/rtorrent.te
@@ -0,0 +1,70 @@
+policy_module(rtorrent, 0.0.19)
+
+require {
+    type init_t;
+    type public_content_t;
+    type public_content_rw_t;
+    type bin_t;
+    type shell_exec_t;
+    type fs_t;
+}
+
+
+# File context for the executable process
+type rtorrent_t;
+type rtorrent_exec_t;
+
+type rtorrent_rw_t;
+files_type(rtorrent_rw_t)
+
+type rtorrent_ro_t;
+files_type(rtorrent_ro_t)
+
+# _sky_files_use_tmp(rtorrent_t, rtorrent_tmp_t)
+
+init_daemon_domain(rtorrent_t, rtorrent_exec_t)
+
+# corenet_udp_sendrecv_generic_port(rtorrent_t)
+corenet_udp_bind_generic_port(rtorrent_t)
+corenet_udp_bind_generic_node(rtorrent_t)
+corenet_tcp_sendrecv_generic_port(rtorrent_t)
+corenet_tcp_bind_generic_port(rtorrent_t)
+corenet_tcp_bind_generic_node(rtorrent_t)
+
+corenet_tcp_connect_all_unreserved_ports(rtorrent_t)
+corenet_tcp_connect_all_ephemeral_ports(rtorrent_t)
+corenet_tcp_connect_http_port(rtorrent_t)
+
+allow rtorrent_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
+
+# Needed to start /bin/bash
+#exec_files_pattern(rtorrent_t, bin_t, shell_exec_t)
+
+# Needed to start java
+# exec_files_pattern(rtorrent_t, bin_t, bin_t)
+# _sky_java_process(rtorrent_t)
+
+read_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)
+read_lnk_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)
+mmap_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)
+
+read_files_pattern(rtorrent_t, public_content_t, public_content_t)
+read_lnk_files_pattern(rtorrent_t, public_content_t, public_content_t)
+mmap_files_pattern(rtorrent_t, public_content_t, public_content_t)
+
+manage_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
+manage_dirs_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
+manage_lnk_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
+mmap_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
+
+manage_files_pattern(rtorrent_t, public_content_rw_t, public_content_rw_t)
+mmap_files_pattern(rtorrent_t, public_content_rw_t, public_content_rw_t)
+
+sysnet_dns_name_resolve(rtorrent_t)
+
+#sssd_read_public_files(rtorrent_t)
+
+#dev_read_rand(rtorrent_t)
+#dev_read_sysfs(rtorrent_t)
+
+allow rtorrent_t fs_t:filesystem getattr;
Collection of selinux policy files