services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

move selinux, firewalld, k3s

Browse Source
This commit is contained in:
Reese Wells
2025-11-13 16:50:53 -05:00
parent ef527abef4
commit 7ccedb9768
15 changed files with 252 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
active/os_fedora/selinux_policies/clamav-sudo.te Normal file
View File

@@ -0,0 +1,29 @@
module clamav-sudo 1.0;
require {
type antivirus_t;
type sudo_exec_t;
type systemd_logind_var_run_t;
type pidfs_t;
type chkpwd_exec_t;
type systemd_logind_t;
class file { execute execute_no_trans map };
class netlink_audit_socket { create nlmsg_relay read write };
class capability { audit_write sys_resource };
class process { setrlimit setsched };
class sock_file write;
class unix_stream_socket connectto;
class filesystem getattr;
}
#============= antivirus_t ==============
allow antivirus_t chkpwd_exec_t:file { execute execute_no_trans };
allow antivirus_t pidfs_t:filesystem getattr;
allow antivirus_t self:capability { audit_write sys_resource };
allow antivirus_t self:netlink_audit_socket { create nlmsg_relay write };
allow antivirus_t self:netlink_audit_socket read;
allow antivirus_t self:process { setrlimit setsched };
allow antivirus_t sudo_exec_t:file map;
allow antivirus_t systemd_logind_t:unix_stream_socket connectto;
allow antivirus_t systemd_logind_var_run_t:sock_file write;