Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 148298 Details for
Bug 219972
Review Request: poker-network - A poker server, client and abstract user interface library
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
updated policy file
poker-server.te (text/plain), 3.59 KB, created by
Wart
on 2007-02-18 17:57:41 UTC
(
hide
)
Description:
updated policy file
Filename:
MIME Type:
Creator:
Wart
Created:
2007-02-18 17:57:41 UTC
Size:
3.59 KB
patch
obsolete
>policy_module(pokerd,1.0.0) > >######################################## ># ># Declarations ># > >gen_require(` > type port_t; > type httpd_t; > type http_port_t; > attribute port_type; > type var_log_t; > type var_run_t; > type mysqld_t; > type mysqld_var_run_t; > type mysqld_etc_t; > type inaddr_any_node_t; > type urandom_device_t; > type random_device_t; > type shell_exec_t; >') > >type pokerd_port_t, port_type; > >type pokerd_t; >type pokerd_exec_t; >domain_type(pokerd_t) >init_daemon_domain(pokerd_t, pokerd_exec_t) > ># pid files >type pokerd_var_run_t; >files_pid_file(pokerd_var_run_t) > ># Game data files >type pokerd_private_data_t; >files_type(pokerd_private_data_t); > >######################################## ># ># poker-server local policy ># ># Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules. ># Note: /usr/share/selinux/devel/include/support/obj_perm_sets.spt contains ># the definitions of many permissions, such as 'rw_dir_perms' > ># Some common macros (you might be able to remove some) >files_read_usr_files(pokerd_t) >#files_read_etc_files(pokerd_t) >libs_use_ld_so(pokerd_t) >libs_use_shared_libs(pokerd_t) >miscfiles_read_localization(pokerd_t) >## internal communication is often done using fifo and unix sockets. >allow pokerd_t self:fifo_file { read write }; >allow pokerd_t self:unix_stream_socket create_stream_socket_perms; > >corecmd_dontaudit_search_sbin(pokerd_t) >corecmd_exec_bin(pokerd_t) > ># log and pid files >allow pokerd_t var_log_t:dir { getattr search add_name write}; >allow pokerd_t var_log_t:file { rw_file_perms create setattr}; >allow pokerd_t var_run_t:dir { add_name write remove_name}; >allow pokerd_t var_run_t:file { create getattr write unlink}; > >## Networking basics (adjust to your needs!) >sysnet_dns_name_resolve(pokerd_t) >corenet_udp_bind_all_nodes(pokerd_t) >corenet_non_ipsec_sendrecv(pokerd_t) >allow pokerd_t pokerd_port_t:tcp_socket { name_bind name_connect recv_msg send_msg}; >allow pokerd_t inaddr_any_node_t:tcp_socket node_bind; >allow pokerd_t self:tcp_socket { accept listen }; >allow pokerd_t port_t:tcp_socket { recv_msg send_msg }; > ># Allow the webapp component to connect to the backend poker server >allow httpd_t pokerd_port_t:tcp_socket name_connect; > ># Allow the poker bot to connect to a poker server and cash-in >allow pokerd_t http_port_t:tcp_socket { name_connect recv_msg send_msg }; > >#corenet_udp_sendrecv_all_ports(pokerd_t) > ># Database accesses >allow pokerd_t mysqld_t:unix_stream_socket connectto; >allow pokerd_t mysqld_var_run_t:sock_file write; >mysql_search_db(pokerd_t) > ># The poker server invokes 'mysql' directly, outside of the python api, ># to set up the initial database tables. This may be fixed in a later ># release. >allow pokerd_t mysqld_etc_t:file { getattr read }; > > ># Init script handling >init_use_fds(pokerd_t) >init_use_script_ptys(pokerd_t) >domain_use_interactive_fds(pokerd_t) ># The init script uses 'runcon' to transition into the correct ># domain. >domain_entry_file(pokerd_t, bin_t) > ># Game private data >allow pokerd_t pokerd_private_data_t:file { r_file_perms }; >allow pokerd_t pokerd_private_data_t:dir search; >allow pokerd_t etc_t:file { getattr read }; > ># Misc rules that are needed. I don't understand the meaning of some ># of these, and for others I don't yet understand why the game needs ># them >#kernel_read_system_state(pokerd_t) >allow pokerd_t self:process signal; >allow pokerd_t self:netlink_route_socket { bind create getattr nlmsg_read read write }; >allow pokerd_t urandom_device_t:chr_file { getattr read }; >allow pokerd_t random_device_t:chr_file { getattr ioctl read }; >allow pokerd_t shell_exec_t:file { execute execute_no_trans getattr read };
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=148298">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 219972
:
146068
|
146073
|
146095
|
146755
| 148298