From: Ralf Ertzinger
Date: Wed, 12 Aug 2015 10:04:28 +0000 (+0000)
Subject: Add policy for teamspeak3
X-Git-Url: https://git.camperquake.de/gitweb.cgi?p=selinux.git;a=commitdiff_plain;h=fa638fc1c5d345a3ebedaa29c8b59f96786a35d2

Add policy for teamspeak3
---

diff --git a/ts3/ts3.fc b/ts3/ts3.fc
new file mode 100644
index 0000000..67a8648
--- /dev/null
+++ b/ts3/ts3.fc
@@ -0,0 +1,4 @@
+/opt/teamspeak3(-server_linux-(amd64|x86))?/libts3db_(.+)\.so -- gen_context(system_u:object_r:ts3_exec_t,s0)
+/opt/teamspeak3(-server_linux-(amd64|x86))?/ts3server_linux_(amd64|x86) -- gen_context(system_u:object_r:ts3_exec_t,s0)
+/opt/teamspeak3(-server_linux-(amd64|x86))?/ts3server_minimal_runscript\.sh -- gen_context(system_u:object_r:ts3_exec_t,s0)
+/opt/teamspeak3(-server_linux-(amd64|x86))?(/.*)? gen_context(system_u:object_r:ts3_rw_t,s0)
diff --git a/ts3/ts3.if b/ts3/ts3.if
new file mode 100644
index 0000000..3eb6a30
--- /dev/null
+++ b/ts3/ts3.if
@@ -0,0 +1 @@
+##
diff --git a/ts3/ts3.te b/ts3/ts3.te
new file mode 100644
index 0000000..4cf9e8e
--- /dev/null
+++ b/ts3/ts3.te
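Review bot: In ts3/ts3.fc the first three entries give the `libts3db_(.+)\.so` plugins and the run script the same `ts3_exec_t` label as the server binary, and ts3.te makes that type the domain entrypoint through `init_daemon_domain` and grants `execmod` on it. Text relocation is therefore allowed on the main executable and the script too, not only on the shared libraries that the comment in ts3.te names. A separate library type for the `.so` entry (for example a new `ts3_lib_t`, a name proposed here) would let `execmod` be scoped to those files alone. The catch-all last entry labels everything else under the install directory `ts3_rw_t`, which ts3.te lets the daemon manage, and no entry assigns `ts3_ro_t`, so the read-only rules in ts3.te never apply. Files the server only reads would need their own `ts3_ro_t` entries ahead of the catch-all.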
@@ -0,0 +1,39 @@
+policy_module(ts3, 0.1.21)
+
+# File context for the executable process
+type ts3_t;
+type ts3_exec_t;
+
+type ts3_rw_t;
+files_type(ts3_rw_t)
+
+type ts3_ro_t;
+files_type(ts3_ro_t)
+
+init_daemon_domain(ts3_t, ts3_exec_t)
+
+corenet_udp_sendrecv_generic_port(ts3_t)
+corenet_udp_bind_generic_port(ts3_t)
+corenet_udp_bind_generic_node(ts3_t)
+corenet_tcp_sendrecv_generic_port(ts3_t)
+corenet_tcp_bind_generic_port(ts3_t)
+corenet_tcp_bind_generic_node(ts3_t)
+
+allow ts3_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
+
+allow ts3_t ts3_ro_t:dir list_dir_perms;
+allow ts3_t ts3_ro_t:file read_file_perms;
+
+manage_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+manage_dirs_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+setattr_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+
+sysnet_dns_name_resolve(ts3_t)
+
+# Needed to load shared libraries
+allow ts3_t ts3_exec_t:file execmod;
+
+dev_read_urand(ts3_t)
+
+fs_getattr_tmpfs(ts3_t)
+fs_manage_tmpfs_files(ts3_t)
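Review bot: `fs_manage_tmpfs_files(ts3_t)` on the last line of the hunk gives the daemon create, write and delete access to every file carrying the generic tmpfs label, not only its own shared-memory files, so a compromised server could tamper with tmpfs content of other domains that have no private type. A private type with a type transition, as in the fence below, limits that access to files the server itself creates. The same least-privilege concern applies to the `corenet_udp_bind_generic_port` and `corenet_tcp_bind_generic_port` lines, which permit binding any port that has no dedicated label; declaring a port type for the server's listening ports and allowing `name_bind` on that alone would be tighter. A short comment above each of these grants naming the server feature that needs it would make later audits of the module easier.

```selinux
# … unchanged: module header, type declarations, network and file rules …

type ts3_tmpfs_t;
files_tmpfs_file(ts3_tmpfs_t)

fs_getattr_tmpfs(ts3_t)
# Only tmpfs files created by the server get the private type.
manage_files_pattern(ts3_t, ts3_tmpfs_t, ts3_tmpfs_t)
fs_tmpfs_filetrans(ts3_t, ts3_tmpfs_t, file)
```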