2005-08-05 14:32:12 +00:00
|
|
|
## <summary>Berkeley process accounting</summary>
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
## <summary>
|
|
|
|
|
## Transition to the accounting management domain.
|
|
|
|
|
## </summary>
|
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2010-08-05 12:45:31 +00:00
|
|
|
## Domain allowed to transition.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-08-05 14:32:12 +00:00
|
|
|
## </param>
|
|
|
|
|
#
|
|
|
|
|
interface(`acct_domtrans',`
|
|
|
|
|
gen_require(`
|
|
|
|
|
type acct_t, acct_exec_t;
|
|
|
|
|
')
|
|
|
|
|
|
2007-03-23 23:24:59 +00:00
|
|
|
corecmd_search_bin($1)
|
2008-07-23 21:38:39 +00:00
|
|
|
domtrans_pattern($1, acct_exec_t, acct_t)
|
2005-08-05 14:32:12 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
## <summary>
|
|
|
|
|
## Execute accounting management tools in the caller domain.
|
|
|
|
|
## </summary>
|
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2010-08-02 13:22:09 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-08-05 14:32:12 +00:00
|
|
|
## </param>
|
|
|
|
|
#
|
|
|
|
|
interface(`acct_exec',`
|
|
|
|
|
gen_require(`
|
|
|
|
|
type acct_exec_t;
|
|
|
|
|
')
|
|
|
|
|
|
2007-03-23 23:24:59 +00:00
|
|
|
corecmd_search_bin($1)
|
2008-07-23 21:38:39 +00:00
|
|
|
can_exec($1, acct_exec_t)
|
2005-08-05 14:32:12 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
## <summary>
|
|
|
|
|
## Execute accounting management data in the caller domain.
|
|
|
|
|
## </summary>
|
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2010-08-02 13:22:09 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-08-05 14:32:12 +00:00
|
|
|
## </param>
|
|
|
|
|
#
|
|
|
|
|
# cjp: this is added for logrotate, and does
|
|
|
|
|
# not make sense to me.
|
|
|
|
|
interface(`acct_exec_data',`
|
|
|
|
|
gen_require(`
|
|
|
|
|
type acct_data_t;
|
|
|
|
|
')
|
|
|
|
|
|
|
|
|
|
files_search_var($1)
|
2008-07-23 21:38:39 +00:00
|
|
|
can_exec($1, acct_data_t)
|
2005-08-05 14:32:12 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
## <summary>
|
|
|
|
|
## Create, read, write, and delete process accounting data.
|
|
|
|
|
## </summary>
|
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2010-08-02 13:22:09 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-08-05 14:32:12 +00:00
|
|
|
## </param>
|
|
|
|
|
#
|
|
|
|
|
interface(`acct_manage_data',`
|
|
|
|
|
gen_require(`
|
|
|
|
|
type acct_data_t;
|
|
|
|
|
')
|
|
|
|
|
|
|
|
|
|
files_search_var($1)
|
2008-07-23 21:38:39 +00:00
|
|
|
manage_files_pattern($1, acct_data_t, acct_data_t)
|
|
|
|
|
manage_lnk_files_pattern($1, acct_data_t, acct_data_t)
|
2005-08-05 14:32:12 +00:00
|
|
|
')
|
