# SELinux policy module for the etcd daemon (module name "etcd", version 1.0.0).
policy_module(etcd,1.0.0)
########################################
#
# Declarations
#
# etcd_t is the process domain; etcd_exec_t labels the etcd executable.
type etcd_t;
type etcd_exec_t;
# refpolicy interface: registers etcd_t as a daemon domain that init enters
# by executing a file labelled etcd_exec_t.
init_daemon_domain(etcd_t,etcd_exec_t)
# SECURITY: a permissive domain is not confined. Accesses outside the rules
# in this module are logged as AVC denials but still allowed, so this policy
# currently provides audit visibility only, not enforcement.
# NOTE(review): presumably left in for policy development - remove this line
# once the audit log shows no remaining etcd_t denials, and do not ship it
# to production hosts as-is.
permissive etcd_t;
# Label for etcd's systemd unit file(s).
type etcd_unit_file_t;
systemd_unit_file(etcd_unit_file_t)
# Label for etcd's on-disk state; files_type() marks it as an ordinary file type.
# NOTE(review): no file-context (.fc) entries are visible here - confirm that
# the data directory, binary and unit file are actually labelled with these types.
type etcd_var_lib_t;
files_type(etcd_var_lib_t)
########################################
#
# etcd local policy
#
# NOTE(review): etcd_t is declared permissive in this module, so the rules
# below are not yet an enforced boundary; anything missing from this list
# only surfaces as logged AVC denials until permissive is removed.

# etcd may create and use its own TCP stream sockets.
allow etcd_t self:tcp_socket create_stream_socket_perms;
# Full management (create/read/write/delete) of directories, regular files
# and symlinks labelled etcd_var_lib_t - and only that type.
manage_dirs_pattern(etcd_t, etcd_var_lib_t, etcd_var_lib_t)
manage_files_pattern(etcd_t, etcd_var_lib_t, etcd_var_lib_t)
manage_lnk_files_pattern(etcd_t, etcd_var_lib_t, etcd_var_lib_t)
# Type transition: directories etcd_t creates under the generic /var/lib
# type are labelled etcd_var_lib_t automatically.
files_var_lib_filetrans(etcd_t, etcd_var_lib_t, dir)
# Read-only access to the unix-socket and network sysctl trees.
kernel_read_unix_sysctls(etcd_t)
kernel_read_net_sysctls(etcd_t)
# Allow binding TCP sockets on generic (unlabelled) node addresses.
corenet_tcp_bind_generic_node(etcd_t)
# SECURITY: this grants bind on every port labelled kubernetes_port_t, which
# is wider than etcd needs and ties etcd's listeners to another service's
# port label. A dedicated etcd port type would narrow this.
# Which ports carry the label depends on the base policy; check with
# `semanage port -l`.
corenet_tcp_bind_kubernetes_port(etcd_t) # TODO: should be a dedicated etcd port type, not the kubernetes one
# getattr on filesystems that support extended attributes.
fs_getattr_xattr_fs(etcd_t)
# Allow logging through syslog.
logging_send_syslog_msg(etcd_t)