move selinux, firewalld, k3s
This commit is contained in:
14
active/os_fedora/selinux_policies/clamav-notifysend.te
Normal file
14
active/os_fedora/selinux_policies/clamav-notifysend.te
Normal file
@@ -0,0 +1,14 @@
|
||||
|
||||
module clamav-notifysend 1.0;
|
||||
|
||||
require {
|
||||
type session_dbusd_tmp_t;
|
||||
type antivirus_t;
|
||||
type unconfined_dbusd_t;
|
||||
class sock_file write;
|
||||
class unix_stream_socket connectto;
|
||||
}
|
||||
|
||||
#============= antivirus_t ==============
|
||||
allow antivirus_t session_dbusd_tmp_t:sock_file write;
|
||||
allow antivirus_t unconfined_dbusd_t:unix_stream_socket connectto;
|
||||
29
active/os_fedora/selinux_policies/clamav-sudo.te
Normal file
29
active/os_fedora/selinux_policies/clamav-sudo.te
Normal file
@@ -0,0 +1,29 @@
|
||||
|
||||
module clamav-sudo 1.0;
|
||||
|
||||
require {
|
||||
type antivirus_t;
|
||||
type sudo_exec_t;
|
||||
type systemd_logind_var_run_t;
|
||||
type pidfs_t;
|
||||
type chkpwd_exec_t;
|
||||
type systemd_logind_t;
|
||||
class file { execute execute_no_trans map };
|
||||
class netlink_audit_socket { create nlmsg_relay read write };
|
||||
class capability { audit_write sys_resource };
|
||||
class process { setrlimit setsched };
|
||||
class sock_file write;
|
||||
class unix_stream_socket connectto;
|
||||
class filesystem getattr;
|
||||
}
|
||||
|
||||
#============= antivirus_t ==============
|
||||
allow antivirus_t chkpwd_exec_t:file { execute execute_no_trans };
|
||||
allow antivirus_t pidfs_t:filesystem getattr;
|
||||
allow antivirus_t self:capability { audit_write sys_resource };
|
||||
allow antivirus_t self:netlink_audit_socket { create nlmsg_relay write };
|
||||
allow antivirus_t self:netlink_audit_socket read;
|
||||
allow antivirus_t self:process { setrlimit setsched };
|
||||
allow antivirus_t sudo_exec_t:file map;
|
||||
allow antivirus_t systemd_logind_t:unix_stream_socket connectto;
|
||||
allow antivirus_t systemd_logind_var_run_t:sock_file write;
|
||||
23
active/os_fedora/selinux_policies/clamav-unixchkpwd.te
Normal file
23
active/os_fedora/selinux_policies/clamav-unixchkpwd.te
Normal file
@@ -0,0 +1,23 @@
|
||||
|
||||
module clamav-unixchkpwd 1.0;
|
||||
|
||||
require {
|
||||
type chkpwd_t;
|
||||
type user_devpts_t;
|
||||
type antivirus_t;
|
||||
type shadow_t;
|
||||
type init_t;
|
||||
class chr_file { read write };
|
||||
class file { getattr open read };
|
||||
class process siginh;
|
||||
}
|
||||
|
||||
#============= antivirus_t ==============
|
||||
allow antivirus_t shadow_t:file { open read };
|
||||
allow antivirus_t shadow_t:file getattr;
|
||||
|
||||
#============= chkpwd_t ==============
|
||||
allow chkpwd_t user_devpts_t:chr_file { read write };
|
||||
|
||||
#============= init_t ==============
|
||||
allow init_t chkpwd_t:process siginh;
|
||||
Binary file not shown.
Reference in New Issue
Block a user