## Cluster Configuration System
########################################
##
## Execute a domain transition to run ccs.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`ccs_domtrans',`
gen_require(`
type ccs_t, ccs_exec_t;
')
domain_auto_trans($1,ccs_exec_t,ccs_t)
allow ccs_t $1:fd use;
allow ccs_t $1:fifo_file rw_file_perms;
allow ccs_t $1:process sigchld;
')
########################################
##
## Connect to ccs over an unix stream socket.
##
##
##
## Domain allowed access.
##
##
#
interface(`ccs_stream_connect',`
gen_require(`
type ccs_t, ccs_var_run_t;
')
files_search_pids($1)
allow $1 ccs_var_run_t:dir list_dir_perms;
allow $1 ccs_var_run_t:sock_file write;
allow $1 ccs_t:unix_stream_socket connectto;
')
########################################
##
## Read cluster configuration files.
##
##
##
## Domain allowed access.
##
##
#
interface(`ccs_read_config',`
gen_require(`
type cluster_conf_t;
')
allow $1 cluster_conf_t:dir search_dir_perms;
allow $1 cluster_conf_t:file { getattr read };
')
########################################
##
## Manage cluster configuration files.
##
##
##
## Domain allowed access.
##
##
#
interface(`ccs_manage_config',`
gen_require(`
type cluster_conf_t;
')
allow $1 cluster_conf_t:dir manage_dir_perms;
allow $1 cluster_conf_t:file manage_file_perms;
')