update for xml changes
This commit is contained in:
parent
a7a9799d79
commit
16e8e265b2
@ -51,22 +51,36 @@ the /tmp directory.
|
|||||||
</p>
|
</p>
|
||||||
<h3>Module IF Policy</h3>
|
<h3>Module IF Policy</h3>
|
||||||
<p>
|
<p>
|
||||||
The interface file creates the macros that other modules will use to gain access to my resources. This allows the module that created the type or attribute to define appropriate uses. Additionally, it provides a single point for documentation. Create myapp.if and add the following:
|
The interface file creates the macros that other modules will use to gain access
|
||||||
|
to my resources. This allows the module that created the type or attribute to
|
||||||
|
define appropriate uses. Additionally, it provides a single point for
|
||||||
|
documentation. Create myapp.if and add the following:
|
||||||
<div id="codeblock">
|
<div id="codeblock">
|
||||||
<pre>
|
<pre>
|
||||||
## <module name="myapp" layer="apps">
|
|
||||||
## <summary>Myapp example policy</summary>
|
## <summary>Myapp example policy</summary>
|
||||||
## <description>More descriptive text about myapp</description>
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## More descriptive text about myapp. The <desc>
|
||||||
|
## tag can also use <p>, <ul>, and <ol>
|
||||||
|
## html tags for formatting.
|
||||||
|
## </p>
|
||||||
|
## <p>
|
||||||
|
## This policy supports the following myapp features:
|
||||||
|
## <ul>
|
||||||
|
## <li>Feature A</li>
|
||||||
|
## <li>Feature B</li>
|
||||||
|
## <li>Feature C</li>
|
||||||
|
## </ul>
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
|
||||||
## <interface name="myapp_domtrans">
|
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute a domain transition to run myapp.
|
## Execute a domain transition to run myapp.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <param name="domain">
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </parameter>
|
## </param>
|
||||||
## </interface>
|
interface(`myapp_domtrans',`
|
||||||
define(`myapp_domtrans',`
|
|
||||||
gen_requires(`
|
gen_requires(`
|
||||||
type myapp_t, myapp_exec_t;
|
type myapp_t, myapp_exec_t;
|
||||||
class fd use;
|
class fd use;
|
||||||
@ -82,15 +96,13 @@ define(`myapp_domtrans',`
|
|||||||
allow $1 myapp_t:process sigchld;
|
allow $1 myapp_t:process sigchld;
|
||||||
')
|
')
|
||||||
|
|
||||||
## <interface name="myapp_read_log">
|
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read myapp log files.
|
## Read myapp log files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <param name="domain">
|
||||||
## Domain allowed to read the log files.
|
## Domain allowed to read the log files.
|
||||||
## </parameter>
|
## </param>
|
||||||
## </interface>
|
interface(`myapp_read_log',`
|
||||||
define(`myapp_read_log',`
|
|
||||||
gen_requires(`
|
gen_requires(`
|
||||||
type myapp_log_t;
|
type myapp_log_t;
|
||||||
class file r_file_perms;
|
class file r_file_perms;
|
||||||
@ -99,8 +111,6 @@ define(`myapp_read_log',`
|
|||||||
logging_search_logs($1)
|
logging_search_logs($1)
|
||||||
allow $1 myapp_log_t:file r_file_perms;
|
allow $1 myapp_log_t:file r_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
## </module>
|
|
||||||
</pre>
|
</pre>
|
||||||
</div>
|
</div>
|
||||||
<p>
|
<p>
|
||||||
|
Loading…
Reference in New Issue
Block a user