selinux-policy/policy/modules/services/puppet.if

32 lines
780 B
Plaintext
Raw Normal View History

## <summary>Puppet client daemon</summary>
## <desc>
2009-11-11 16:28:50 +00:00
## <p>
## Puppet is a configuration management system written in Ruby.
2009-11-11 16:28:50 +00:00
## The client daemon is responsible for periodically requesting the
## desired system state from the server and ensuring the state of
## the client system matches.
## </p>
## </desc>
################################################
## <summary>
2009-11-11 16:28:50 +00:00
## Read / Write to Puppet temp files. Puppet uses
## some system binaries (groupadd, etc) that run in
## a non-puppet domain and redirects output into temp
## files.
## </summary>
## <param name="domain">
2009-11-11 16:28:50 +00:00
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`puppet_rw_tmp', `
gen_require(`
type puppet_tmp_t;
')
allow $1 puppet_tmp_t:file rw_file_perms;
files_search_tmp($1)
')