Add Team Fortress 2

author Ralf Ertzinger <ralf@skytale.net>

Sun, 27 Apr 2014 17:59:13 +0000 (17:59 +0000)

committer Ralf Ertzinger <ralf@skytale.net>

Sun, 27 Apr 2014 17:59:13 +0000 (17:59 +0000)
author Ralf Ertzinger <ralf@skytale.net>
Sun, 27 Apr 2014 17:59:13 +0000 (17:59 +0000)
committer Ralf Ertzinger <ralf@skytale.net>
Sun, 27 Apr 2014 17:59:13 +0000 (17:59 +0000)
diff --git a/tf2/tf2.fc b/tf2/tf2.fc

new file mode 100644 (file)

index 0000000..6f42eae
--- /dev/null
+++ b/tf2/tf2.fc
@@ -0,0 +1,8 @@
+/etank/games/tf2/tf2/bin(/.*)?            --   gen_context(system_u:object_r:tf2_exec_t,s0)
+/etank/games/tf2/tf2/srcds_linux          --   gen_context(system_u:object_r:tf2_exec_t,s0)
+/etank/games/tf2/tf2/tf/bin/server_srv.so --   gen_context(system_u:object_r:tf2_exec_t,s0)
+/etank/games/tf2(/.*)?                         gen_context(system_u:object_r:tf2_ro_t,s0)
+/etank/games/tf2/tf2/steam_appid.txt           gen_context(system_u:object_r:tf2_rw_t,s0)
+/etank/games/tf2/tf2/tf/downloadlists(/.*)?    gen_context(system_u:object_r:tf2_rw_t,s0)
+/etank/games/tf2/Steam/config(/.*)?            gen_context(system_u:object_r:tf2_rw_t,s0)
+/etank/games/tf2/Steam/logs(/.*)?              gen_context(system_u:object_r:tf2_rw_t,s0)
diff --git a/tf2/tf2.if b/tf2/tf2.if

new file mode 100644 (file)

index 0000000..3eb6a30
--- /dev/null
+++ b/tf2/tf2.if
@@ -0,0 +1 @@
+## <summary></summary>
diff --git a/tf2/tf2.te b/tf2/tf2.te

new file mode 100644 (file)

index 0000000..a33950b
--- /dev/null
+++ b/tf2/tf2.te
@@ -0,0 +1,52 @@
+policy_module(tf2, 0.1.13)
+
+# File context for the executable process
+type tf2_t;
+type tf2_exec_t;
+
+# File type for writable files
+type tf2_rw_t;
+files_type(tf2_rw_t)
+
+# File type for readable files
+type tf2_ro_t;
+files_type(tf2_ro_t)
+
+# type tf2_tmp_t;
+# files_tmp_file(tf2_tmp_t)
+
+init_daemon_domain(tf2_t, tf2_exec_t)
+
+allow tf2_t self:process { setsched signal signull };
+allow tf2_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
+
+corenet_udp_sendrecv_generic_port(tf2_t)
+corenet_udp_bind_generic_port(tf2_t)
+corenet_udp_bind_generic_node(tf2_t)
+corenet_tcp_sendrecv_generic_port(tf2_t)
+corenet_tcp_bind_generic_port(tf2_t)
+corenet_tcp_bind_generic_node(tf2_t)
+
+allow tf2_t tf2_ro_t:dir list_dir_perms;
+allow tf2_t tf2_ro_t:file read_file_perms;
+#allow tf2_t tf2_tmp_t:file manage_file_perms;
+#allow tf2_t tf2_tmp_t:dir manage_dir_perms;
+
+manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
+manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
+setattr_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
+
+sysnet_dns_name_resolve(tf2_t)
+# files_tmp_filetrans(tf2_t, tf2_tmp_t, { file dir})
+
+# Needed to load shared libs
+allow tf2_t tf2_exec_t:file execmod;
+
+dev_read_urand(tf2_t)
+
+# TF2 wants to read /proc/cpuinfo
+kernel_read_system_state(tf2_t)
+# dev_read_sysfs(tf2_t)
+
+# TF2 needs to read the network state
+kernel_read_network_state(tf2_t)
author	Ralf Ertzinger <ralf@skytale.net>
	Sun, 27 Apr 2014 17:59:13 +0000 (17:59 +0000)
committer	Ralf Ertzinger <ralf@skytale.net>
	Sun, 27 Apr 2014 17:59:13 +0000 (17:59 +0000)
tf2/tf2.fc	[new file with mode: 0644]	patch \| blob
tf2/tf2.if	[new file with mode: 0644]	patch \| blob
tf2/tf2.te	[new file with mode: 0644]	patch \| blob