1
#DESC Scannerdaemon - Virus scanner daemon
3
# Author: Brian May <bam@snoopy.apana.org.au>
7
#################################
9
# Rules for the scannerdaemon_t domain.
11
type scannerdaemon_etc_t, file_type, sysadmfile;
14
daemon_domain(scannerdaemon)
15
can_network(scannerdaemon_t)
17
`can_tcp_connect(postfix_bounce_t,scannerdaemon_t);')
20
can_tcp_connect(sysadm_t,scannerdaemon_t)
22
# Can create unix sockets
23
allow scannerdaemon_t self:unix_stream_socket create_stream_socket_perms;
25
# Access config files (libc6).
26
allow scannerdaemon_t etc_t:file r_file_perms;
27
allow scannerdaemon_t etc_t:lnk_file r_file_perms;
28
allow scannerdaemon_t proc_t:file r_file_perms;
29
allow scannerdaemon_t etc_runtime_t:file r_file_perms;
31
# Access config files (scannerdaemon).
32
allow scannerdaemon_t scannerdaemon_etc_t:file r_file_perms;
34
# Access signature files.
35
ifdef(`oav-update.te',`
36
allow scannerdaemon_t oav_update_var_lib_t:dir r_dir_perms;
37
allow scannerdaemon_t oav_update_var_lib_t:file r_file_perms;
40
log_domain(scannerdaemon)
41
ifdef(`logrotate.te', `
42
allow logrotate_t scannerdaemon_log_t:file create_file_perms;
46
# Run helper programs.
47
can_exec_any(scannerdaemon_t)
48
allow scannerdaemon_t var_lib_t:dir search;
49
allow scannerdaemon_t { sbin_t bin_t }:dir search;
50
allow scannerdaemon_t bin_t:lnk_file read;
53
allow scannerdaemon_t self:fifo_file { read write };
56
dontaudit scannerdaemon_t sysadm_home_dir_t:dir search;
57
dontaudit scannerdaemon_t devtty_t:chr_file { read write };
58
dontaudit scannerdaemon_t shadow_t:file { read getattr };