| | 1 | policy_module(unbound, 0.1.0) |
| | 2 | |
| | 3 | type unbound_t; |
| | 4 | type unbound_conf_t; |
| | 5 | type unbound_exec_t; |
| | 6 | type unbound_initrc_exec_t; |
| | 7 | type unbound_var_run_t; |
| | 8 | |
| | 9 | init_daemon_domain(unbound_t, unbound_exec_t) |
| | 10 | init_script_file(unbound_initrc_exec_t) |
| | 11 | |
| | 12 | role system_r types unbound_t; |
| | 13 | |
| | 14 | # XXX |
| | 15 | # unbound-{checkconf,control} are not protected. Do we need protect them? |
| | 16 | |
| | 17 | # Unbound daemon |
| | 18 | |
| | 19 | auth_use_nsswitch(unbound_t) |
| | 20 | dev_read_urand(unbound_t) |
| | 21 | corenet_all_recvfrom_unlabeled(unbound_t) |
| | 22 | corenet_tcp_bind_all_nodes(unbound_t) |
| | 23 | corenet_tcp_bind_dns_port(unbound_t) |
| | 24 | corenet_tcp_bind_rndc_port(unbound_t) |
| | 25 | corenet_udp_bind_all_nodes(unbound_t) |
| | 26 | corenet_udp_bind_all_unreserved_ports(unbound_t) |
| | 27 | corenet_udp_bind_dns_port(unbound_t) |
| | 28 | files_read_etc_files(unbound_t) |
| | 29 | files_pid_file(unbound_var_run_t) |
| | 30 | files_type(unbound_conf_t) |
| | 31 | libs_use_ld_so(unbound_t) |
| | 32 | libs_use_shared_libs(unbound_t) |
| | 33 | logging_send_syslog_msg(unbound_t) |
| | 34 | manage_files_pattern(unbound_t, unbound_var_run_t, unbound_var_run_t) |
| | 35 | miscfiles_read_localization(unbound_t) |
| | 36 | read_files_pattern(unbound_t, unbound_conf_t, unbound_conf_t) |
| | 37 | |
| | 38 | allow unbound_t self:capability { setuid chown net_bind_service setgid dac_override }; |
| | 39 | allow unbound_t self:tcp_socket create_stream_socket_perms; |
| | 40 | allow unbound_t self:udp_socket create_socket_perms; |
| | 41 | |
| | 42 | ################################################### |
projects / apple / network_cmds.git / blame_incremental