forked from ISTI-ansible-roles/ansible-roles
26 lines
709 B
Plaintext
26 lines
709 B
Plaintext
|
|
module fail2ban-journal-sepol 1.0;
|
|
|
|
require {
|
|
type fail2ban_client_exec_t;
|
|
type logrotate_t;
|
|
type fail2ban_t;
|
|
type var_run_t;
|
|
type syslogd_t;
|
|
type syslogd_var_run_t;
|
|
class dir read;
|
|
class file { ioctl read execute execute_no_trans open getattr };
|
|
}
|
|
|
|
#============= fail2ban_t ==============
|
|
|
|
allow fail2ban_t var_run_t:file { read getattr open };
|
|
allow fail2ban_t syslogd_var_run_t:dir read;
|
|
allow fail2ban_t syslogd_var_run_t:file { read getattr open };
|
|
|
|
#============= syslogd_t ==============
|
|
allow syslogd_t var_run_t:file { read getattr open };
|
|
|
|
#============= logrotate_t ==============
|
|
allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open };
|