# SELinux policy module "clamav-sudo", version 1.0.
# Every allow rule below has antivirus_t as its source domain. Judging by the
# module name and the sudo / chkpwd / audit targets, it presumably lets the
# ClamAV domain invoke sudo -- confirm against the AVC denials it was built from.
module clamav-sudo 1.0;

# Types, classes and permissions that the loaded base policy must already
# define; the module fails to load if any of them is missing.
require {
    type antivirus_t;
    type chkpwd_exec_t;
    type pidfs_t;
    type sudo_exec_t;
    type systemd_logind_t;
    type systemd_logind_var_run_t;

    class capability { audit_write sys_resource };
    class file { execute execute_no_trans map };
    class filesystem getattr;
    class netlink_audit_socket { create nlmsg_relay read write };
    class process { setrlimit setsched };
    class sock_file write;
    class unix_stream_socket connectto;
}

#============= antivirus_t ==============

# Run the chkpwd_exec_t helper without a domain transition: the helper then
# executes inside antivirus_t and shares every permission of that domain.
# NOTE(review): a transition into the helper's own domain would keep the
# scanner domain narrower (refpolicy offers auth_domtrans_chk_passwd for this --
# verify it exists in the installed policy before switching).
allow antivirus_t chkpwd_exec_t:file { execute execute_no_trans };

# Query attributes of the pidfs_t filesystem.
allow antivirus_t pidfs_t:filesystem getattr;

# audit_write: emit records into the kernel audit log.
# sys_resource: exceed resource limits that normally bind the process.
# NOTE(review): both capabilities now apply to everything running in
# antivirus_t, not only to the sudo invocation -- confirm each is required.
allow antivirus_t self:capability { audit_write sys_resource };

# Open an audit netlink socket and exchange relayed audit messages on it
# (the listing's two separate rules for this class are merged into one).
allow antivirus_t self:netlink_audit_socket { create nlmsg_relay read write };

# Change the domain's own resource limits and scheduling parameters.
allow antivirus_t self:process { setrlimit setsched };

# Memory-map the sudo binary. Only "map" is granted here; execute on
# sudo_exec_t is presumably allowed by another module -- TODO confirm.
allow antivirus_t sudo_exec_t:file map;

# Talk to systemd-logind: connect to its stream socket and write to the socket
# file labelled systemd_logind_var_run_t.
allow antivirus_t systemd_logind_t:unix_stream_socket connectto;
allow antivirus_t systemd_logind_var_run_t:sock_file write;