## <summary>Policy for cdrecord</summary> ######################################## ## <summary> ## Role access for cdrecord ## </summary> ## <param name="role"> ## <summary> ## Role allowed access ## </summary> ## </param> ## <param name="domain"> ## <summary> ## User domain for the role ## </summary> ## </param> # interface(`cdrecord_role',` gen_require(` type cdrecord_t, cdrecord_exec_t; ') role $1 types cdrecord_t; # Transition from the user domain to the derived domain. domtrans_pattern($2, cdrecord_exec_t, cdrecord_t) allow cdrecord_t $2:unix_stream_socket { getattr read write ioctl }; # allow ps to show cdrecord and allow the user to kill it ps_process_pattern($2, cdrecord_t) allow $2 cdrecord_t:process signal; ')