## <summary>Policy for cdrecord</summary>

########################################
## <summary>
##	Role access for cdrecord
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`cdrecord_role',`
	gen_require(`
		type cdrecord_t, cdrecord_exec_t;
	')

	role $1 types cdrecord_t;

	# Transition from the user domain to the derived domain.
	domtrans_pattern($2, cdrecord_exec_t, cdrecord_t)

	allow cdrecord_t $2:unix_stream_socket { getattr read write ioctl };

	# allow ps to show cdrecord and allow the user to kill it 
	ps_process_pattern($2, cdrecord_t)
	allow $2 cdrecord_t:process signal;
')