#DESC Tmpreaper - Monitor and maintain temporary files
# Author: Russell Coker <russell@coker.com.au>
# X-Debian-Packages: tmpreaper
#################################
# Rules for the tmpreaper_t domain.
# Process type (domain) that tmpreaper runs in. `domain` and `privlog` are
# attributes defined elsewhere in the policy; privlog presumably lets the
# domain talk to the system logger -- confirm against the attribute rules.
type tmpreaper_t, domain, privlog;
# Label for the tmpreaper executable. The attributes are defined elsewhere;
# by their names they mark it as an executable file type that the sysadm
# role may manage -- confirm.
# NOTE(review): whoever can write or relabel a tmpreaper_exec_t file controls
# what runs in tmpreaper_t, so write access to this type should stay narrow.
type tmpreaper_exec_t, file_type, sysadmfile, exec_type;
# Authorise system_r for tmpreaper_t. No user role is authorised in this
# file, so as written here the domain is only reachable in the system role.
role system_r types tmpreaper_t;
# Macro defined elsewhere. From its name and arguments it presumably lets the
# system cron domain transition into tmpreaper_t by executing a
# tmpreaper_exec_t file -- confirm against the macro definition.
# This is the only entry path into the domain visible in this file.
system_crond_entry(tmpreaper_exec_t, tmpreaper_t)
# Macro defined elsewhere; presumably grants the shared-library access a
# dynamically linked program needs -- confirm.
uses_shlib(tmpreaper_t)
# why does it need setattr?
# Directories of any type carrying the tmpfile attribute: rw_dir_perms (a
# permission-set macro defined elsewhere) plus rmdir, so entries and empty
# directories can be removed.
# setattr covers chmod/chown/utime-style changes. NOTE(review): presumably the
# reaper restores directory timestamps after scanning them; if that is the
# only use, this is acceptable, but confirm before keeping it, since setattr
# also permits mode and ownership changes on every temp directory.
allow tmpreaper_t tmpfile:dir { setattr rw_dir_perms rmdir };
# Non-directory objects with the tmpfile attribute may only be stat'ed and
# unlinked. This rule grants no read, write or create, so the reaper can
# delete temp files without being able to read their contents (unless a
# macro elsewhere in this file adds it). file_class_set is defined elsewhere.
allow tmpreaper_t tmpfile:file_class_set { getattr unlink };
# Also allow stat + unlink on objects labelled with any home_type type or
# with file_t. Presumably this covers files that were moved into a temp
# directory and kept their original (home or unlabeled) context -- confirm.
# NOTE(review): this is the widest rule in the file. Together with the
# dac_override/fowner capabilities granted to this domain, a mis-set path or a
# bug in the directory walk would let the reaper delete user data, and type
# enforcement would not stop it. No directory permission on home_type is
# granted here, so check which rule (if any) gives the needed remove_name on
# the parent directory, and keep it limited to the temp trees.
allow tmpreaper_t { home_type file_t }:notdevfile_class_set { getattr unlink };
# The process may fork and deliver SIGCHLD within its own domain. No other
# process permissions (e.g. signalling or tracing other domains) are granted
# by this rule.
allow tmpreaper_t self:process { fork sigchld };
# Capabilities that bypass Unix DAC checks: dac_override and dac_read_search
# skip permission-bit checks on files and directory traversal; fowner skips
# owner-only checks (e.g. removing another user's file from a sticky
# directory, or setting its timestamps).
# With these granted, the allow rules in this file are the only thing that
# limits which objects tmpreaper can delete, so every object-type rule here
# should be reviewed as if file mode bits did not exist.
allow tmpreaper_t self:capability { dac_override dac_read_search fowner };
# Query attributes of filesystems labelled fs_t (statfs-style calls); no
# mount, remount or relabel permission is granted.
allow tmpreaper_t fs_t:filesystem getattr;
# Macro defined elsewhere; by its name, read-only access to directories and
# files labelled etc_t, presumably for configuration -- confirm.
r_dir_file(tmpreaper_t, etc_t)
# Traverse var_t directories only: getattr + search permits path lookup
# through them but not listing or modifying their entries.
allow tmpreaper_t var_t:dir { getattr search };
# Macro defined elsewhere; by its name, read-only access to var_lib_t.
# NOTE(review): the file does not say what tmpreaper reads under this type;
# var_lib_t tends to be a broad label, so confirm the access is still needed.
r_dir_file(tmpreaper_t, var_lib_t)
# Path lookup through device_t directories (no listing, no modification);
# presumably needed to reach the urandom device node allowed in this file.
allow tmpreaper_t device_t:dir { getattr search };
# Read-only access to the urandom character device; write is not granted.
# NOTE(review): the file gives no reason a temp-file cleaner needs random
# data -- possibly library initialisation; confirm or drop.
allow tmpreaper_t urandom_device_t:chr_file { getattr read };
# Macro defined elsewhere; by its name, read/write access to directories and
# files labelled var_spool_t.
# NOTE(review): unlike the tmpfile rules, this may include write access to
# file contents, not just unlink -- check the macro expansion and whether
# delete-only access would be enough.
rw_dir_file(tmpreaper_t, var_spool_t)
# Attribute changes on var_spool_t directories; presumably to restore
# directory timestamps after scanning -- confirm, since setattr also covers
# mode and ownership changes.
allow tmpreaper_t var_spool_t:dir { setattr };
# for the Red Hat tmpreaper program which also manages tetex indexes
# Macro defined elsewhere; by its name it grants create-level access to
# directories and files labelled tetex_data_t.
# NOTE(review): this is broader than the stat+unlink access given for temp
# files, and it is granted unconditionally here. If only one distribution's
# tmpreaper needs it, consider guarding it so other builds do not inherit
# the extra write access.
create_dir_file(tmpreaper_t, tetex_data_t)
# Attribute changes on catman_t directories only; no read, write or unlink
# on catman_t is granted by this rule. Presumably for timestamp restoration
# after a scan -- confirm which rule provides the traversal itself.
allow tmpreaper_t catman_t:dir setattr;
# Macro defined elsewhere; presumably read access to locale data -- confirm.
read_locale(tmpreaper_t)