From: "shintarou_fujiwara" <shin216@xf7.so-net.ne.jp>
To: "selinux mailing list" <selinux@tycho.nsa.gov>
Subject: antivir policy
Date: Fri, 4 Nov 2005 02:08:31 +0900 [thread overview]
Message-ID: <004701c5e099$3777e6b0$0300a8c0@admin0> (raw)
[-- Attachment #1: Type: text/plain, Size: 155 bytes --]
Hi, again from Japan.
I've written down antivir policy for antivir users.
Antivir is downloadable from here.
http://www.free-av.com/
shintarou_fujiwara
[-- Attachment #2: antivir.fc --]
[-- Type: application/octet-stream, Size: 537 bytes --]
####################for antivir###########################################
/usr/lib/AntiVir -d system_u:object_r:antivir_home_t
/usr/lib/AntiVir/antivir system_u:object_r:antivir_exec_t
/usr/lib/AntiVir/antivir\.vdf system_u:object_r:antivir_pattern_file_t
/usr/lib/AntiVir/avupdater system_u:object_r:antivir_bin_t
/usr/lib/AntiVir/configantivir system_u:object_r:antivir_bin_t
/etc/antivir\.conf system_u:object_r:antivir_conf_t
/etc/avguard\.conf system_u:object_r:antivir_conf_t
[-- Attachment #3: antivir.te --]
[-- Type: application/octet-stream, Size: 1635 bytes --]
#############for antivir###############
daemon_domain(antivir,`,auth_chkpwd')
can_network(antivir_t)
can_exec(antivir_t,bin_t)
can_exec(antivir_t,sbin_t)
can_exec(antivir_t,mount_exec_t)
tmp_domain(antivir)
lock_domain(antivir)
###############types##############################
type antivir_home_t, file_type, sysadmfile;
type antivir_bin_t, file_type, sysadmfile, exec_type;
type antivir_pattern_file_t, file_type, sysadmfile;
type antivir_conf_t, file_type, sysadmfile;
type antivir_var_log_t, file_type, sysadmfile;
################basic policy############################
allow antivir_t antivir_conf_t:file r_file_perms;
allow antivir_t antivir_home_t:dir r_dir_perms;
allow antivir_t antivir_pattern_file_t:file r_file_perms;
allow antivir_t self:fifo_file rw_file_perms;
allow antivir_t var_log_t:file ra_file_perms;
###########so that antivir can check dir########################
allow antivir_t boot_t:dir r_dir_perms;
allow antivir_t bin_t:dir r_dir_perms;
allow antivir_t sbin_t:dir r_dir_perms;
allow antivir_t default_t:dir r_dir_perms;
allow antivir_t home_root_t:dir r_dir_perms;
allow antivir_t lost_found_t:dir r_dir_perms;
allow antivir_t mnt_t:dir r_dir_perms;
allow antivir_t security_t:dir r_dir_perms;
allow antivir_t sysadm_home_dir_t:dir r_dir_perms;
allow antivir_t var_log_t:dir r_dir_perms;
#######################others################################
allow antivir_t antivir_t:unix_dgram_socket { connect write create };
allow antivir_t etc_runtime_t:file r_file_perms;
allow antivir_t etc_t:file r_file_perms;
allow antivir_t proc_t:file r_file_perms;
reply other threads:[~2005-11-03 17:13 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='004701c5e099$3777e6b0$0300a8c0@admin0' \
--to=shin216@xf7.so-net.ne.jp \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.