selinux-policy/policy/modules/services/aisexec.if
Dominick Grift c5eae5f83c Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-17 14:32:43 +02:00

107 lines
2.3 KiB
Plaintext

## <summary>Aisexec Cluster Engine</summary>
########################################
## <summary>
## Execute a domain transition to run aisexec.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`aisexec_domtrans',`
gen_require(`
type aisexec_t, aisexec_exec_t;
')
domtrans_pattern($1, aisexec_exec_t, aisexec_t)
')
#####################################
## <summary>
## Connect to aisexec over a unix domain
## stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`aisexec_stream_connect',`
gen_require(`
type aisexec_t, aisexec_var_run_t;
')
files_search_pids($1)
stream_connect_pattern($1, aisexec_var_run_t, aisexec_var_run_t, aisexec_t)
')
#######################################
## <summary>
## Allow the specified domain to read aisexec's log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`aisexec_read_log',`
gen_require(`
type aisexec_var_log_t;
')
logging_search_logs($1)
list_dirs_pattern($1, aisexec_var_log_t, aisexec_var_log_t)
read_files_pattern($1, aisexec_var_log_t, aisexec_var_log_t)
')
######################################
## <summary>
## All of the rules required to administrate
## an aisexec environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the aisexecd domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`aisexecd_admin',`
gen_require(`
type aisexec_t, aisexec_var_lib_t, aisexec_var_log_t;
type aisexec_var_run_t, aisexec_tmp_t, aisexec_tmpfs_t;
type aisexec_initrc_exec_t;
')
allow $1 aisexec_t:process { ptrace signal_perms };
ps_process_pattern($1, aisexec_t)
init_labeled_script_domtrans($1, aisexec_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 aisexec_initrc_exec_t system_r;
allow $2 system_r;
files_list_var_lib($1)
admin_pattern($1, aisexec_var_lib_t)
logging_list_logs($1)
admin_pattern($1, aisexec_var_log_t)
files_list_pids($1)
admin_pattern($1, aisexec_var_run_t)
files_list_tmp($1)
admin_pattern($1, aisexec_tmp_t)
admin_pattern($1, aisexec_tmpfs_t)
')