1 files changed, 33 insertions, 0 deletions

diff --git a/dist/fedora/trousers.te b/dist/fedora/trousers.te
new file mode 100644
index 0000000..b244633
--- /dev/null
+++ b/dist/fedora/trousers.te
@@ -0,0 +1,33 @@
+type tcsd_device_t, device_type, dev_fs;
+type tcsd_readwrite_t, file_type;
+type tcsd_config_t, file_type, sysadmfile;
+daemon_domain(tcsd, `')
+general_domain_access(tcsd_t)
+allow unconfined_t tcsd_t:process transition;
+type_transition unconfined_t tcsd_exec_t:process tcsd_t;
+allow tcsd_t tcsd_exec_t:dir r_dir_perms;
+allow tcsd_t etc_t:file { read getattr lock ioctl };
+allow tcsd_t etc_t:lnk_file { read getattr };
+allow tcsd_t devtty_t:chr_file { ioctl read getattr lock write append };
+allow tcsd_t devpts_t:chr_file { ioctl read getattr lock write append };
+can_network(tcsd_t)
+read_sysctl(tcsd_t, full)
+r_dir_file(tcsd_t, usr_t)
+r_dir_file(tcsd_t, tcsd_config_t)
+rw_dir_file(tcsd_t, tcsd_readwrite_t)
+allow tcsd_t tcsd_readwrite_t:file { setattr };
+allow tcsd_t tcsd_readwrite_t:dir { setattr };
+allow tcsd_t tcsd_device_t:chr_file { ioctl read getattr lock write append };
+allow tcsd_t { random_device_t }:chr_file { read getattr };
+allow tcsd_t lib_t:dir r_dir_perms;
+allow tcsd_t lib_t:file { rx_file_perms execmod };
+allow tcsd_t lib_t:lnk_file r_file_perms;
+allow tcsd_t lib_t:file { rx_file_perms execmod };
+allow tcsd_t lib_t:lnk_file r_file_perms;
+allow tcsd_t lib_t:file { rx_file_perms execmod };
+allow tcsd_t lib_t:lnk_file r_file_perms;
+allow tcsd_t var_lib_t:dir r_dir_perms;
+allow tcsd_t var_lib_t:file { rx_file_perms execmod };
+allow tcsd_t var_lib_t:lnk_file r_file_perms;
+allow tcsd_t port_type:tcp_socket { send_msg recv_msg name_bind };
+allow tcsd_t self:capability { chown net_bind_service dac_override fowner fsetid };