From: domg472@gmail.com (Dominick Grift)
Date: Thu, 09 Jul 2009 14:21:45 +0200
Subject: [refpolicy] new policy: rtorrent
In-Reply-To: <20090709095817.GA7703@squirrel.roonstrasse.net>
References: <20090709095817.GA7703@squirrel.roonstrasse.net>
Message-ID: <1247142105.5300.12.camel@notebook2.grift.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2009-07-09 at 11:58 +0200, Max Kellermann wrote:
> Hi,
>
> I have written a policy for rtorrent a while ago, and I thought it
> might be a good idea to submit it to the refpolicy project. Here it
> is.
>
> The policy defines the rtorrent_data_t type, but does not declare a
> fcontext for it. Users who want to use it have to manually tag the
> data directory. Another idea might be to provide a "reasonable"
> default... on my machine, that's declared in the host specific policy
> .fc file.

Here is my take on the policy:

http://82.197.205.60/~dgrift/stuff/modules/rtorrent.te
http://82.197.205.60/~dgrift/stuff/modules/rtorrent.if
http://82.197.205.60/~dgrift/stuff/modules/rtorrent.fc

Some notes:

These are deprecated, I believe:

libs_use_ld_so(rtorrent_t)
libs_use_shared_libs(rtorrent_t)

I would not prefer this to be default behavior (could be tunable):

corenet_tcp_bind_all_nodes(rtorrent_t)
corenet_tcp_connect_all_ports(rtorrent_t)

Added nfs/samba/nis home support
Added filetrans pattern for rtorrent_t rtorrent_data_t
Added relabel patterns for $2 rtorrent home content
Added signal child permission for rtorrent_t
Added signal permissions for $2 to rtorrent_t
Declared port for bittorrent
Added policy for rtorrent to bind and connect to bittorrent ports.
Added boolean for rtorrent unrestricted network access

I am aware that the bittorrent port declaration should be done in
corenetwork.te.in and that interfaces should be called for interaction
between rtorrent_t and bittorrent_port_t and more...

But to be honest I think user app policy might get adopted by refpolicy.
There are some complications, I believe.

> Max