#DESC cvs - Concurrent Versions System
#
# Author:  Dan Walsh <dwalsh@redhat.com>
#
# Depends: inetd.te

#################################
#
# Rules for the cvs_t domain.
#
# cvs_exec_t is the type of the cvs executable.
#

inetd_child_domain(cvs, tcp)
typeattribute cvs_t privmail;
typeattribute cvs_t auth_chkpwd;

type cvs_data_t, file_type, sysadmfile, customizable;
create_dir_file(cvs_t, cvs_data_t)
can_exec(cvs_t, { bin_t sbin_t shell_exec_t })
allow cvs_t bin_t:dir search;
allow cvs_t { bin_t sbin_t }:lnk_file read;
allow cvs_t etc_runtime_t:file { getattr read };
allow system_mail_t cvs_data_t:file { getattr read };
dontaudit cvs_t devtty_t:chr_file { read write };
ifdef(`kerberos.te', `
# Allow kerberos to work
allow cvs_t { krb5_keytab_t krb5_conf_t }:file r_file_perms;
dontaudit cvs_t krb5_conf_t:file write;
')