CentOS Distribution selinux module & service

propush · Jan 17, 2017 · fd9f150 · fd9f150
1 parent 7fe2452
commit fd9f150
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 0 deletions.
diff --git a/centos/jnode.run b/centos/jnode.run
@@ -0,0 +1,2 @@
+#!/bin/sh
+java -Xmx600m -server -cp "/opt/jnode/jar/activation-1.1.jar:/opt/jnode/jar/commons-io-2.4.jar:/opt/jnode/jar/commons-lang-2.4.jar:/opt/jnode/jar/guava-14.0.1.jar:/opt/jnode/jar/h2-1.3.174.jar:/opt/jnode/jar/javax.mail-1.5.1.jar:/opt/jnode/jar/javax.servlet-3.0.0.v201112011016.jar:/opt/jnode/jar/jdom-1.1.3.jar:/opt/jnode/jar/jetty-http-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-io-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-security-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-server-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-servlet-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-util-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-webapp-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-xml-9.0.2.v20130417.jar:/opt/jnode/jar/jnode-core-1.5.jar:/opt/jnode/jar/jnode-dumb-module-0.1.jar:/opt/jnode/jar/jnode-httpd-module-1.1.jar:/opt/jnode/jar/jnode-mail-module-0.9.jar:/opt/jnode/jar/jnode-nntp-0.8a.jar:/opt/jnode/jar/jnode-pointchecker-module-2.0.jar:/opt/jnode/jar/jnode-rss-1.2.jar:/opt/jnode/jar/jnode-xmpp-0.1.jar:/opt/jnode/jar/mysql-connector-java-5.1.28-bin.jar:/opt/jnode/jar/ormlite-core-4.48.jar:/opt/jnode/jar/ormlite-jdbc-4.48.jar:/opt/jnode/jar/postgresql-9.2-1003-jdbc4.jar:/opt/jnode/jar/rome-1.0.jar:/opt/jnode/jar/slf4j-api-1.7.2.jar:/opt/jnode/jar/slf4j-simple-1.7.5.jar:/opt/jnode/jar/smack-3.2.1.jar:/opt/jnode/jar/spark-core-1.1.1.jar" jnode.main.Main /opt/jnode/jnode.conf
diff --git a/centos/jnode.service b/centos/jnode.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=JNode Fidonet Server
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+User=jnode
+Group=jnode
+ExecStart=/opt/jnode/jnode.run
+
diff --git a/centos/policy_module/jnode.fc b/centos/policy_module/jnode.fc
@@ -0,0 +1,9 @@
+/opt/jnode(/.*)?			gen_context(system_u:object_r:jnode_conf_t)
+/opt/jnode/jar(/.*)    		gen_context(system_u:object_r:jnode_conf_t)
+/opt/jnode/fileechoes(/.*)?  		gen_context(system_u:object_r:jnode_cache_t)
+/opt/jnode/point(/.*)?  		gen_context(system_u:object_r:jnode_cache_t)
+/opt/jnode/point/.*\.cfg  		gen_context(system_u:object_r:jnode_conf_t)
+/opt/jnode/(inbound|temp)(/.*)? 	gen_context(system_u:object_r:jnode_tmp_t)
+/opt/jnode/jnode.run		--	gen_context(system_u:object_r:jnode_exec_t)
+/var/log/jnode(/.*)? 				gen_context(system_u:object_r:jnode_log_t)
+
diff --git a/centos/policy_module/jnode.if b/centos/policy_module/jnode.if
@@ -0,0 +1 @@
+## <summary></summary>
diff --git a/centos/policy_module/jnode.te b/centos/policy_module/jnode.te
@@ -0,0 +1,56 @@
+# (C) Ivan Agarkov, 2017
+policy_module(jnode, 1.0.3)
+gen_require(`
+  type http_port_t;
+')
+# domain file type
+type jnode_t;
+type jnode_exec_t;
+init_daemon_domain(jnode_t, jnode_exec_t)
+application_domain(jnode_t, jnode_exec_t)
+corecmd_exec_bin(jnode_t)
+libs_use_ld_so(jnode_t)
+kernel_read_system_state(jnode_t)
+allow jnode_t self:process { execmem };
+files_rw_generic_tmp_dir(jnode_t)
+sysnet_read_config(jnode_t)
+dev_read_rand(jnode_t)
+fs_getattr_xattr_fs(jnode_t)
+sysnet_dns_name_resolve(jnode_t)
+# network type
+type binkp_port_t;
+corenet_port(binkp_port_t)
+# config type
+type jnode_conf_t;
+files_config_file(jnode_conf_t)
+allow jnode_t jnode_conf_t:dir list_dir_perms;
+allow jnode_t jnode_conf_t:file read_file_perms;
+# cache type
+type jnode_cache_t;
+files_type(jnode_cache_t)
+allow jnode_t jnode_cache_t:dir { add_entry_dir_perms create_dir_perms list_dir_perms };
+allow jnode_t jnode_cache_t:file { append_file_perms create_file_perms rw_file_perms };
+# log type
+type jnode_log_t;
+logging_log_file(jnode_log_t)
+logging_search_logs(jnode_t)
+logging_log_filetrans(jnode_t, jnode_log_t, file)
+allow jnode_t jnode_log_t:file { write append_file_perms create_file_perms };
+allow jnode_t jnode_log_t:dir { add_entry_dir_perms };
+# tmp
+type jnode_tmp_t;
+files_tmp_file(jnode_tmp_t)
+allow jnode_t jnode_tmp_t:dir manage_dir_perms;
+allow jnode_t jnode_tmp_t:file manage_file_perms;
+allow jnode_t tmp_t:dir { add_entry_dir_perms create };
+files_poly_member_tmp(jnode_t, jnode_tmp_t)
+type_member jnode_t tmp_t:file jnode_tmp_t;
+# allow networking
+allow jnode_t self:tcp_socket create_stream_socket_perms;
+allow jnode_t self:udp_socket create_socket_perms;
+allow jnode_t binkp_port_t:tcp_socket { name_bind name_connect };
+allow jnode_t http_port_t:tcp_socket name_bind;
+corenet_tcp_bind_generic_node(jnode_t)
+# allow connect to postgresql
+postgresql_stream_connect(jnode_t)
+corenet_tcp_connect_postgresql_port(jnode_t)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#!/bin/sh
		java -Xmx600m -server -cp "/opt/jnode/jar/activation-1.1.jar:/opt/jnode/jar/commons-io-2.4.jar:/opt/jnode/jar/commons-lang-2.4.jar:/opt/jnode/jar/guava-14.0.1.jar:/opt/jnode/jar/h2-1.3.174.jar:/opt/jnode/jar/javax.mail-1.5.1.jar:/opt/jnode/jar/javax.servlet-3.0.0.v201112011016.jar:/opt/jnode/jar/jdom-1.1.3.jar:/opt/jnode/jar/jetty-http-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-io-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-security-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-server-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-servlet-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-util-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-webapp-9.0.2.v20130417.jar:/opt/jnode/jar/jetty-xml-9.0.2.v20130417.jar:/opt/jnode/jar/jnode-core-1.5.jar:/opt/jnode/jar/jnode-dumb-module-0.1.jar:/opt/jnode/jar/jnode-httpd-module-1.1.jar:/opt/jnode/jar/jnode-mail-module-0.9.jar:/opt/jnode/jar/jnode-nntp-0.8a.jar:/opt/jnode/jar/jnode-pointchecker-module-2.0.jar:/opt/jnode/jar/jnode-rss-1.2.jar:/opt/jnode/jar/jnode-xmpp-0.1.jar:/opt/jnode/jar/mysql-connector-java-5.1.28-bin.jar:/opt/jnode/jar/ormlite-core-4.48.jar:/opt/jnode/jar/ormlite-jdbc-4.48.jar:/opt/jnode/jar/postgresql-9.2-1003-jdbc4.jar:/opt/jnode/jar/rome-1.0.jar:/opt/jnode/jar/slf4j-api-1.7.2.jar:/opt/jnode/jar/slf4j-simple-1.7.5.jar:/opt/jnode/jar/smack-3.2.1.jar:/opt/jnode/jar/spark-core-1.1.1.jar" jnode.main.Main /opt/jnode/jnode.conf