1 files changed, 49 insertions, 0 deletions

diff --git a/policy/modules/services/clogd.te b/policy/modules/services/clogd.te
new file mode 100644
index 00000000..3f0c47ff
--- /dev/null
+++ b/policy/modules/services/clogd.te
@@ -0,0 +1,49 @@
+policy_module(clogd, 1.3.0)
+
+########################################
+#
+# Declarations
+#
+
+type clogd_t;
+type clogd_exec_t;
+init_daemon_domain(clogd_t, clogd_exec_t)
+
+type clogd_tmpfs_t;
+files_tmpfs_file(clogd_tmpfs_t)
+
+type clogd_var_run_t;
+files_pid_file(clogd_var_run_t)
+
+########################################
+#
+# Local policy
+#
+
+allow clogd_t self:capability { mknod net_admin };
+allow clogd_t self:process signal;
+allow clogd_t self:sem create_sem_perms;
+allow clogd_t self:shm create_shm_perms;
+allow clogd_t self:netlink_socket create_socket_perms;
+
+manage_dirs_pattern(clogd_t, clogd_tmpfs_t, clogd_tmpfs_t)
+manage_files_pattern(clogd_t, clogd_tmpfs_t, clogd_tmpfs_t)
+fs_tmpfs_filetrans(clogd_t, clogd_tmpfs_t, { dir file })
+
+manage_files_pattern(clogd_t, clogd_var_run_t, clogd_var_run_t)
+files_pid_filetrans(clogd_t, clogd_var_run_t, file)
+
+dev_manage_generic_blk_files(clogd_t)
+dev_read_lvm_control(clogd_t)
+
+storage_raw_read_fixed_disk(clogd_t)
+storage_raw_write_fixed_disk(clogd_t)
+
+logging_send_syslog_msg(clogd_t)
+
+miscfiles_read_localization(clogd_t)
+
+optional_policy(`
+	aisexec_stream_connect(clogd_t)
+	corosync_stream_connect(clogd_t)
+')