selinux-policy/policy/modules/services/cvs.if

82 lines
1.6 KiB
Plaintext
Raw Normal View History

2005-09-20 18:49:13 +00:00
## <summary>Concurrent versions system</summary>
########################################
## <summary>
## Read the CVS data and metadata.
## </summary>
## <param name="domain">
## <summary>
2005-09-20 18:49:13 +00:00
## Domain allowed access.
## </summary>
2005-09-20 18:49:13 +00:00
## </param>
#
interface(`cvs_read_data',`
gen_require(`
type cvs_data_t;
')
2009-03-23 14:56:43 +00:00
list_dirs_pattern($1, cvs_data_t, cvs_data_t)
read_files_pattern($1, cvs_data_t, cvs_data_t)
read_lnk_files_pattern($1, cvs_data_t, cvs_data_t)
2005-09-20 18:49:13 +00:00
')
########################################
## <summary>
## Allow the specified domain to execute cvs
## in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`cvs_exec',`
gen_require(`
type cvs_exec_t;
')
can_exec($1, cvs_exec_t)
')
2008-09-23 12:56:00 +00:00
########################################
## <summary>
## All of the rules required to administrate
## an cvs environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the cvs domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`cvs_admin',`
gen_require(`
Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible.
2010-09-17 07:49:15 +00:00
type cvs_t, cvs_tmp_t, cvs_initrc_exec_t;
2008-09-23 12:56:00 +00:00
type cvs_data_t, cvs_var_run_t;
')
allow $1 cvs_t:process { ptrace signal_perms };
ps_process_pattern($1, cvs_t)
2008-10-17 15:52:39 +00:00
2008-09-23 12:56:00 +00:00
# Allow cvs_t to restart the apache service
init_labeled_script_domtrans($1, cvs_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 cvs_initrc_exec_t system_r;
allow $2 system_r;
2008-10-13 15:06:23 +00:00
files_list_tmp($1)
admin_pattern($1, cvs_tmp_t)
admin_pattern($1, cvs_data_t)
files_list_pids($1)
admin_pattern($1, cvs_var_run_t)
2008-09-23 12:56:00 +00:00
')