f92662114a
Search parent directory to be able to interact with target content. Search parent directory to be able to interact with target content. Signed-off-by: Dominick Grift <domg472@gmail.com> Search parent directory to be able to interact with target content. Search parent directory to be able to interact with target content. Signed-off-by: Dominick Grift <domg472@gmail.com> Search parent directory to be able to interact with target content. Search parent directory to be able to interact with target content. Search parent directory to be able to interact with target content.
103 lines
2.4 KiB
Plaintext
103 lines
2.4 KiB
Plaintext
## <summary>policy for zarafa services</summary>
|
|
|
|
######################################
|
|
## <summary>
|
|
## Creates types and rules for a basic
|
|
## zararfa init daemon domain.
|
|
## </summary>
|
|
## <param name="prefix">
|
|
## <summary>
|
|
## Prefix for the domain.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`zarafa_domain_template',`
|
|
gen_require(`
|
|
attribute zarafa_domain;
|
|
')
|
|
|
|
##############################
|
|
#
|
|
# $1_t declarations
|
|
#
|
|
|
|
type zarafa_$1_t, zarafa_domain;
|
|
type zarafa_$1_exec_t;
|
|
init_daemon_domain(zarafa_$1_t, zarafa_$1_exec_t)
|
|
|
|
type zarafa_$1_log_t;
|
|
logging_log_file(zarafa_$1_log_t)
|
|
|
|
type zarafa_$1_var_run_t;
|
|
files_pid_file(zarafa_$1_var_run_t)
|
|
|
|
##############################
|
|
#
|
|
# $1_t local policy
|
|
#
|
|
|
|
manage_files_pattern(zarafa_$1_t, zarafa_$1_var_run_t, zarafa_$1_var_run_t)
|
|
manage_sock_files_pattern(zarafa_$1_t, zarafa_$1_var_run_t, zarafa_$1_var_run_t)
|
|
files_pid_filetrans(zarafa_$1_t, zarafa_$1_var_run_t, { file sock_file })
|
|
#stream_connect_pattern(zarafa_$1_t, $1_var_run_t, $1_var_run_t, virtd_t)
|
|
|
|
manage_files_pattern(zarafa_$1_t, zarafa_$1_log_t,zarafa_$1_log_t)
|
|
#manage_sock_files_pattern(zarafa_$1_t, zarafa_$1_log_t,zarafa_$1_log_t)
|
|
logging_log_filetrans(zarafa_$1_t,zarafa_$1_log_t,{ file })
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run zarafa_server.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`zarafa_server_domtrans',`
|
|
gen_require(`
|
|
type zarafa_server_t, zarafa_server_exec_t;
|
|
')
|
|
|
|
domtrans_pattern($1, zarafa_server_exec_t, zarafa_server_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run zarafa_deliver.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`zarafa_deliver_domtrans',`
|
|
gen_require(`
|
|
type zarafa_deliver_t, zarafa_deliver_exec_t;
|
|
')
|
|
|
|
domtrans_pattern($1, zarafa_deliver_exec_t, zarafa_deliver_t)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Connect to zarafa-server unix domain stream socket.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`zarafa_stream_connect_server',`
|
|
gen_require(`
|
|
type zarafa_server_t, zarafa_server_var_run_t;
|
|
')
|
|
|
|
files_search_var_lib($1)
|
|
stream_connect_pattern($1, zarafa_server_t, zarafa_server_var_run_t, zarafa_server_t)
|
|
')
|