Fedora 9 の SELinux

2日間使ってみた時点でのローカルポリシーモジュール。

# Local SELinux policy module: name "local", version 1.0.
# NOTE(review): the layout (require block followed by "#=====" banners per source
# domain) looks like audit2allow output, i.e. rules derived from logged AVC
# denials -- confirm. An allow rule applies to every object that carries the
# target type, not only to the single object that triggered a denial, so each
# rule below should be reviewed before the module is loaded.
module local 1.0;

# Types, classes and permissions referenced by the rules below. They are only
# declared as requirements here; this module defines no new types.
require {
        type user_tmp_t;
        type ntpd_t;
        type rpcbind_t;
        type fixed_disk_device_t;
        type NetworkManager_t;
        type rpcd_t;
        type procmail_t;
        class blk_file getattr;
        class file { read getattr };
}

#============= NetworkManager_t ==============
# Grants NetworkManager_t getattr only on block-device nodes labelled
# fixed_disk_device_t; no read or write permission is granted by this rule.
allow NetworkManager_t fixed_disk_device_t:blk_file getattr;

#============= ntpd_t ==============
# Grants ntpd_t read and getattr on regular files labelled user_tmp_t.
# NOTE(review): user_tmp_t is presumably the label of users' temporary files;
# a daemon domain reading them is often caused by an inherited file descriptor
# or a mislabelled file rather than a real need -- verify against the audit
# log. If the access is not needed, relabelling the file or a dontaudit rule
# avoids granting the permission.
allow ntpd_t user_tmp_t:file { read getattr };

#============= procmail_t ==============
# Grants procmail_t read on regular files labelled user_tmp_t.
# NOTE(review): same concern as for ntpd_t -- confirm the access is required.
allow procmail_t user_tmp_t:file read;

#============= rpcbind_t ==============
# Grants rpcbind_t read on regular files labelled user_tmp_t.
# NOTE(review): same concern as for ntpd_t -- confirm the access is required.
allow rpcbind_t user_tmp_t:file read;

#============= rpcd_t ==============
# Grants rpcd_t read on regular files labelled user_tmp_t.
# NOTE(review): same concern as for ntpd_t -- confirm the access is required.
allow rpcd_t user_tmp_t:file read;