/usr/share/selinux/ubuntu/include/services/ulogd.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 | ## <summary>Iptables/netfilter userspace logging daemon.</summary>
########################################
## <summary>
## Execute a domain transition to run ulogd.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`ulogd_domtrans',`
gen_require(`
type ulogd_t, ulogd_exec_t;
')
domtrans_pattern($1, ulogd_exec_t, ulogd_t)
')
########################################
## <summary>
## Allow the specified domain to read
## ulogd configuration files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`ulogd_read_config',`
gen_require(`
type ulogd_etc_t;
')
files_search_etc($1)
read_files_pattern($1, ulogd_etc_t, ulogd_etc_t)
')
########################################
## <summary>
## Allow the specified domain to read ulogd's log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`ulogd_read_log',`
gen_require(`
type ulogd_var_log_t;
')
logging_search_logs($1)
allow $1 ulogd_var_log_t:dir list_dir_perms;
read_files_pattern($1, ulogd_var_log_t, ulogd_var_log_t)
')
#######################################
## <summary>
## Allow the specified domain to search ulogd's log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`ulogd_search_log',`
gen_require(`
type ulogd_var_log_t;
')
logging_search_logs($1)
allow $1 ulogd_var_log_t:dir search_dir_perms;
')
########################################
## <summary>
## Allow the specified domain to append to ulogd's log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`ulogd_append_log',`
gen_require(`
type ulogd_var_log_t;
')
logging_search_logs($1)
allow $1 ulogd_var_log_t:dir list_dir_perms;
allow $1 ulogd_var_log_t:file append_file_perms;
')
########################################
## <summary>
## All of the rules required to administrate
## an ulogd environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the syslog domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`ulogd_admin',`
gen_require(`
type ulogd_t, ulogd_etc_t;
type ulogd_var_log_t, ulogd_initrc_exec_t;
type ulogd_modules_t;
')
allow $1 ulogd_t:process { ptrace signal_perms };
ps_process_pattern($1, ulogd_t)
init_labeled_script_domtrans($1, ulogd_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 ulogd_initrc_exec_t system_r;
allow $2 system_r;
files_search_etc($1)
admin_pattern($1, ulogd_etc_t)
logging_list_logs($1)
admin_pattern($1, ulogd_var_log_t)
files_search_usr($1)
admin_pattern($1, ulogd_modules_t)
')
|