2010-05-21 19:59:16 +00:00
|
|
|
## <summary>Corosync Cluster Engine</summary>
|
2010-05-06 17:13:41 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Execute a domain transition to run corosync.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
2010-08-05 13:03:19 +00:00
|
|
|
## Domain allowed to transition.
|
2010-05-06 17:13:41 +00:00
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`corosync_domtrans',`
|
|
|
|
gen_require(`
|
|
|
|
type corosync_t, corosync_exec_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
domtrans_pattern($1, corosync_exec_t, corosync_t)
|
|
|
|
')
|
|
|
|
|
2010-09-16 11:44:53 +00:00
|
|
|
######################################
|
|
|
|
## <summary>
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-17 06:54:12 +00:00
|
|
|
## Execute corosync in the caller domain.
|
2010-09-16 11:44:53 +00:00
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-17 06:54:12 +00:00
|
|
|
## <summary>
|
|
|
|
## Domain allowed to transition.
|
|
|
|
## </summary>
|
2010-09-16 11:44:53 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`corosync_exec',`
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-17 06:54:12 +00:00
|
|
|
gen_require(`
|
|
|
|
type corosync_exec_t;
|
|
|
|
')
|
2010-09-16 11:44:53 +00:00
|
|
|
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-17 06:54:12 +00:00
|
|
|
corecmd_search_bin($1)
|
|
|
|
can_exec($1, corosync_exec_t)
|
2010-09-16 11:44:53 +00:00
|
|
|
')
|
|
|
|
|
2010-05-06 17:13:41 +00:00
|
|
|
#######################################
|
|
|
|
## <summary>
|
|
|
|
## Allow the specified domain to read corosync's log files.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`corosync_read_log',`
|
|
|
|
gen_require(`
|
|
|
|
type corosync_var_log_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
logging_search_logs($1)
|
|
|
|
list_dirs_pattern($1, corosync_var_log_t, corosync_var_log_t)
|
|
|
|
read_files_pattern($1, corosync_var_log_t, corosync_var_log_t)
|
|
|
|
')
|
|
|
|
|
|
|
|
#####################################
|
|
|
|
## <summary>
|
|
|
|
## Connect to corosync over a unix domain
|
|
|
|
## stream socket.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`corosync_stream_connect',`
|
|
|
|
gen_require(`
|
|
|
|
type corosync_t, corosync_var_run_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
files_search_pids($1)
|
|
|
|
stream_connect_pattern($1, corosync_var_run_t, corosync_var_run_t, corosync_t)
|
|
|
|
')
|
|
|
|
|
|
|
|
######################################
|
|
|
|
## <summary>
|
2010-05-21 20:40:12 +00:00
|
|
|
## All of the rules required to administrate
|
2010-05-06 17:13:41 +00:00
|
|
|
## an corosync environment
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <param name="role">
|
|
|
|
## <summary>
|
|
|
|
## The role to be allowed to manage the corosyncd domain.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`corosyncd_admin',`
|
|
|
|
gen_require(`
|
|
|
|
type corosync_t, corosync_var_lib_t, corosync_var_log_t;
|
|
|
|
type corosync_var_run_t, corosync_tmp_t, corosync_tmpfs_t;
|
|
|
|
type corosync_initrc_exec_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
allow $1 corosync_t:process { ptrace signal_perms };
|
|
|
|
ps_process_pattern($1, corosync_t)
|
|
|
|
|
|
|
|
init_labeled_script_domtrans($1, corosync_initrc_exec_t)
|
|
|
|
domain_system_change_exemption($1)
|
|
|
|
role_transition $2 corosync_initrc_exec_t system_r;
|
|
|
|
allow $2 system_r;
|
|
|
|
|
|
|
|
files_list_tmp($1)
|
|
|
|
admin_pattern($1, corosync_tmp_t)
|
|
|
|
|
|
|
|
admin_pattern($1, corosync_tmpfs_t)
|
|
|
|
|
|
|
|
files_list_var_lib($1)
|
|
|
|
admin_pattern($1, corosync_var_lib_t)
|
|
|
|
|
|
|
|
logging_list_logs($1)
|
|
|
|
admin_pattern($1, corosync_var_log_t)
|
|
|
|
|
|
|
|
files_list_pids($1)
|
|
|
|
admin_pattern($1, corosync_var_run_t)
|
|
|
|
')
|