## <summary>Tools for filesystem management, such as mkfs and fsck.</summary> ######################################## ## <desc> ## Execute fs tools in the fstools domain. ## </desc> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`fstools_domtrans',` gen_require(` type fsadm_t, fsadm_exec_t; class fd use; class fifo_file rw_file_perms; ') domain_auto_trans($1,fsadm_exec_t,fsadm_t) allow $1 fsadm_t:fd use; allow fsadm_t $1:fd use; allow fsadm_t $1:fifo_file rw_file_perms; allow fsadm_t $1:process sigchld; ') ######################################## ## <desc> ## Execute fs tools in the fstools domain, and ## allow the specified role the fs tools domain. ## </desc> ## <param name="domain"> ## The type of the process performing this action. ## </param> ## <param name="role"> ## The role to be allowed the fs tools domain. ## </param> ## <param name="terminal"> ## The type of the terminal allow the fs tools domain to use. ## </param> # interface(`fstools_run',` gen_require(` type fsadm_t; class chr_file { getattr read write ioctl }; ') fstools_domtrans($1) role $2 types fsadm_t; allow fsadm_t $3:chr_file { getattr read write ioctl }; ') ######################################## ## <desc> ## Execute fsadm in the caller domain. ## </desc> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`fstools_exec',` gen_require(` type fsadm_exec_t; ') can_exec($1,fsadm_exec_t) ')