## <summary>Varnishd http accelerator daemon</summary>
#######################################
## <summary>
##	Run varnishd with a domain transition
##	into the varnishd domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`varnishd_domtrans',`
	gen_require(`
		type varnishd_t;
		type varnishd_exec_t;
	')

	# The caller has to search the system binary directories to reach the daemon.
	corecmd_search_bin($1)
	# Executing a varnishd_exec_t file moves the caller into varnishd_t.
	domtrans_pattern($1, varnishd_exec_t, varnishd_t)
')
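#######################################
## <summary>
##	Execute varnishd in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_exec',`
	gen_require(`
		type varnishd_exec_t;
	')

	# Same directory search that the domtrans interface in this file grants.
	corecmd_search_bin($1)
	# No transition happens here: varnishd runs with the permissions of the caller.
	can_exec($1, varnishd_exec_t)
')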
######################################
## <summary>
##	Read varnishd configuration files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_read_config',`
	gen_require(`
		type varnishd_etc_t;
	')

	# Reach the configuration directory first.
	files_search_etc($1)
	# Read only access to files labeled varnishd_etc_t.
	read_files_pattern($1, varnishd_etc_t, varnishd_etc_t)
')
#####################################
## <summary>
##	Read varnishd lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_read_lib_files',`
	gen_require(`
		type varnishd_var_lib_t;
	')

	# Reach the var lib directory first.
	files_search_var_lib($1)
	# Read only access to files labeled varnishd_var_lib_t.
	read_files_pattern($1, varnishd_var_lib_t, varnishd_var_lib_t)
')
#######################################
## <summary>
##	Read varnishlog log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_read_log',`
	gen_require(`
		type varnishlog_log_t;
	')

	# Reach the log directory first.
	logging_search_logs($1)
	# Read only access to files labeled varnishlog_log_t.
	read_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
')
######################################
## <summary>
##	Append to varnishlog log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_append_log',`
	gen_require(`
		type varnishlog_log_t;
	')

	# Reach the log directory first.
	logging_search_logs($1)
	# Append access only. Prefer this over the manage interface for
	# domains that just need to add log entries.
	append_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
')
#####################################
## <summary>
##	Create, read, write and delete
##	varnishlog log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_manage_log',`
	gen_require(`
		type varnishlog_log_t;
	')

	# Reach the log directory first.
	logging_search_logs($1)
	# Manage access lets the caller rewrite or remove existing log files.
	# Log integrity then depends on the caller domain.
	manage_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
')
######################################
## <summary>
##	All of the rules required to administrate
##	a varnishlog environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the varnishlog domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`varnishd_admin_varnishlog',`
	gen_require(`
		type varnishlog_t;
		type varnishlog_initrc_exec_t;
		type varnishlog_var_run_t;
		type varnishlog_log_t;
	')

	# Signal and list the varnishlog process.
	allow $1 varnishlog_t:process signal_perms;
	ps_process_pattern($1, varnishlog_t)
	# ptrace lets the admin domain read and change the memory of the
	# varnishlog process. Grant this interface to trusted admin domains only.
	allow $1 varnishlog_t:process ptrace;

	# Start and stop the service through its labeled init script.
	# The script runs in system_r so the admin role needs that transition.
	init_labeled_script_domtrans($1, varnishlog_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 varnishlog_initrc_exec_t system_r;
	allow $2 system_r;

	# Full control over the varnishlog pid files.
	files_search_pids($1)
	admin_pattern($1, varnishlog_var_run_t)

	# Full control over the varnishlog log files including removal.
	logging_list_logs($1)
	admin_pattern($1, varnishlog_log_t)
')
#######################################
## <summary>
##	All of the rules required to administrate
##	a varnishd environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the varnishd domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`varnishd_admin',`
	gen_require(`
		type varnishd_t;
		type varnishd_initrc_exec_t;
		type varnishd_etc_t;
		type varnishd_var_lib_t;
		type varnishd_var_run_t;
		type varnishd_tmp_t;
	')

	# Signal and list the varnishd process.
	allow $1 varnishd_t:process signal_perms;
	ps_process_pattern($1, varnishd_t)
	# ptrace lets the admin domain read and change the memory of the
	# varnishd process. Grant this interface to trusted admin domains only.
	allow $1 varnishd_t:process ptrace;

	# Start and stop the service through its labeled init script.
	# The script runs in system_r so the admin role needs that transition.
	init_labeled_script_domtrans($1, varnishd_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 varnishd_initrc_exec_t system_r;
	allow $2 system_r;

	# Full control over the varnishd lib files.
	files_search_var_lib($1)
	admin_pattern($1, varnishd_var_lib_t)

	# Full control over the varnishd configuration files.
	files_search_etc($1)
	admin_pattern($1, varnishd_etc_t)

	# Full control over the varnishd pid files.
	files_search_pids($1)
	admin_pattern($1, varnishd_var_run_t)

	# Full control over the varnishd temporary files.
	files_search_tmp($1)
	admin_pattern($1, varnishd_tmp_t)
')