2010-05-21 19:59:16 +00:00
|
|
|
## <summary>rgmanager - Resource Group Manager</summary>
|
2010-05-06 17:13:41 +00:00
|
|
|
|
|
|
|
#######################################
|
|
|
|
## <summary>
|
|
|
|
## Execute a domain transition to run rgmanager.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 17:40:18 +00:00
|
|
|
## <summary>
|
2010-08-05 13:03:19 +00:00
|
|
|
## Domain allowed to transition.
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 17:40:18 +00:00
|
|
|
## </summary>
|
2010-05-06 17:13:41 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`rgmanager_domtrans',`
|
|
|
|
gen_require(`
|
|
|
|
type rgmanager_t, rgmanager_exec_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
corecmd_search_bin($1)
|
|
|
|
domtrans_pattern($1, rgmanager_exec_t, rgmanager_t)
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Connect to rgmanager over an unix stream socket.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`rgmanager_stream_connect',`
|
|
|
|
gen_require(`
|
|
|
|
type rgmanager_t, rgmanager_var_run_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
files_search_pids($1)
|
|
|
|
stream_connect_pattern($1, rgmanager_var_run_t, rgmanager_var_run_t, rgmanager_t)
|
|
|
|
')
|
|
|
|
|
|
|
|
######################################
|
|
|
|
## <summary>
|
|
|
|
## Allow manage rgmanager tmp files.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`rgmanager_manage_tmp_files',`
|
|
|
|
gen_require(`
|
|
|
|
type rgmanager_tmp_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
files_search_tmp($1)
|
|
|
|
manage_files_pattern($1, rgmanager_tmp_t, rgmanager_tmp_t)
|
|
|
|
')
|
|
|
|
|
|
|
|
######################################
|
|
|
|
## <summary>
|
|
|
|
## Allow manage rgmanager tmpfs files.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`rgmanager_manage_tmpfs_files',`
|
|
|
|
gen_require(`
|
|
|
|
type rgmanager_tmpfs_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
fs_search_tmpfs($1)
|
|
|
|
manage_files_pattern($1, rgmanager_tmpfs_t, rgmanager_tmpfs_t)
|
|
|
|
')
|
2010-08-26 13:41:21 +00:00
|
|
|
|
|
|
|
#######################################
|
|
|
|
## <summary>
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 17:40:18 +00:00
|
|
|
## Allow read and write access to rgmanager semaphores.
|
2010-08-26 13:41:21 +00:00
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 17:40:18 +00:00
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
2010-08-26 13:41:21 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`rgmanager_rw_semaphores',`
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 17:40:18 +00:00
|
|
|
gen_require(`
|
|
|
|
type rgmanager_t;
|
|
|
|
')
|
2010-08-26 13:41:21 +00:00
|
|
|
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 17:40:18 +00:00
|
|
|
allow $1 rgmanager_t:sem { unix_read unix_write associate read write };
|
2010-08-26 13:41:21 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
######################################
|
|
|
|
## <summary>
|
|
|
|
## All of the rules required to administrate
|
|
|
|
## an rgmanager environment
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 17:40:18 +00:00
|
|
|
## <summary>
|
2010-08-26 13:41:21 +00:00
|
|
|
## Domain allowed access.
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 17:40:18 +00:00
|
|
|
## </summary>
|
2010-08-26 13:41:21 +00:00
|
|
|
## </param>
|
|
|
|
## <param name="role">
|
|
|
|
## <summary>
|
|
|
|
## The role to be allowed to manage the rgmanager domain.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`rgmanager_admin',`
|
|
|
|
gen_require(`
|
|
|
|
type rgmanager_t, rgmanager_initrc_exec_t, rgmanager_tmp_t;
|
|
|
|
type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_var_run_t;
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 17:40:18 +00:00
|
|
|
')
|
2010-08-26 13:41:21 +00:00
|
|
|
|
|
|
|
allow $1 rgmanager_t:process { ptrace signal_perms };
|
2010-09-15 08:17:37 +00:00
|
|
|
ps_process_pattern($1, rgmanager_t)
|
2010-08-26 13:41:21 +00:00
|
|
|
|
|
|
|
init_labeled_script_domtrans($1, rgmanager_initrc_exec_t)
|
|
|
|
domain_system_change_exemption($1)
|
|
|
|
role_transition $2 rgmanager_initrc_exec_t system_r;
|
|
|
|
allow $2 system_r;
|
|
|
|
|
2010-09-20 13:36:05 +00:00
|
|
|
files_list_tmp($1)
|
2010-08-26 13:41:21 +00:00
|
|
|
admin_pattern($1, rgmanager_tmp_t)
|
|
|
|
|
|
|
|
admin_pattern($1, rgmanager_tmpfs_t)
|
|
|
|
|
2010-09-20 13:36:05 +00:00
|
|
|
logging_list_logs($1)
|
2010-08-26 13:41:21 +00:00
|
|
|
admin_pattern($1, rgmanager_var_log_t)
|
|
|
|
|
2010-09-20 13:36:05 +00:00
|
|
|
files_list_pids($1)
|
2010-08-26 13:41:21 +00:00
|
|
|
admin_pattern($1, rgmanager_var_run_t)
|
|
|
|
')
|