#DESC cvs - Concurrent Versions System
#
# Author:  Dan Walsh <dwalsh@redhat.com>
#
# Depends: inetd.te

#################################
#
# Rules for the cvs_t domain.
#
# cvs_exec_t is the type of the cvs executable.
#

inetd_child_domain(cvs, tcp)
typeattribute cvs_t privmail;
typeattribute cvs_t auth_chkpwd;

type cvs_data_t, file_type, sysadmfile;
create_dir_file(cvs_t, cvs_data_t)
can_exec(cvs_t, { bin_t sbin_t shell_exec_t })
allow cvs_t etc_runtime_t:file { getattr read };
allow system_mail_t cvs_data_t:file { getattr read };
dontaudit cvs_t devtty_t:chr_file { read write };
allow cvs_t default_t:dir search;
allow cvs_t default_t:lnk_file read;