## <summary>File system quota management</summary> ######################################## ## <summary> ## Execute quota management tools in the quota domain. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> # interface(`quota_domtrans',` gen_require(` type quota_t, quota_exec_t; ') domain_auto_trans($1,quota_exec_t,quota_t) allow $1 quota_t:fd use; allow quota_t $1:fd use; allow quota_t $1:fifo_file rw_file_perms; allow quota_t $1:process sigchld; ') ######################################## ## <summary> ## Execute quota management tools in the quota domain, and ## allow the specified role the quota domain. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> ## <param name="role"> ## <summary> ## The role to be allowed the quota domain. ## </summary> ## </param> ## <param name="terminal"> ## <summary> ## The type of the terminal allow the quota domain to use. ## </summary> ## </param> # interface(`quota_run',` gen_require(` type quota_t; ') quota_domtrans($1) role $2 types quota_t; allow quota_t $3:chr_file rw_term_perms; ') ######################################## ## <summary> ## Do not audit attempts to get the attributes ## of filesystem quota data files. ## </summary> ## <param name="domain"> ## <summary> ## Domain to not audit. ## </summary> ## </param> # interface(`quota_dontaudit_getattr_db',` gen_require(` type quota_db_t; ') dontaudit $1 quota_db_t:file getattr; ') interface(`quota_manage_flags',` gen_require(` type quota_flag_t; ') files_search_var_lib($1) allow $1 quota_flag_t:dir rw_dir_perms; allow $1 quota_flag_t:file create_file_perms; ')