162 lines
3.1 KiB
Plaintext
162 lines
3.1 KiB
Plaintext
## <summary>Advanced Maryland Automatic Network Disk Archiver.</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run
|
|
## Amanda recover.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`amanda_domtrans_recover',`
|
|
gen_require(`
|
|
type amanda_recover_t, amanda_recover_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domtrans_pattern($1, amanda_recover_exec_t, amanda_recover_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run
|
|
## Amanda recover, and allow the specified
|
|
## role the Amanda recover domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`amanda_run_recover',`
|
|
gen_require(`
|
|
type amanda_recover_t;
|
|
')
|
|
|
|
amanda_domtrans_recover($1)
|
|
role $2 types amanda_recover_t;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search Amanda library directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`amanda_search_lib',`
|
|
gen_require(`
|
|
type amanda_usr_lib_t;
|
|
')
|
|
|
|
files_search_usr($1)
|
|
allow $1 amanda_usr_lib_t:dir search_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read /etc/dumpdates.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`amanda_dontaudit_read_dumpdates',`
|
|
gen_require(`
|
|
type amanda_dumpdates_t;
|
|
')
|
|
|
|
dontaudit $1 amanda_dumpdates_t:file { getattr read };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write /etc/dumpdates.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`amanda_rw_dumpdates_files',`
|
|
gen_require(`
|
|
type amanda_dumpdates_t;
|
|
')
|
|
|
|
files_search_etc($1)
|
|
allow $1 amanda_dumpdates_t:file rw_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search Amanda library directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`amanda_manage_lib',`
|
|
gen_require(`
|
|
type amanda_usr_lib_t;
|
|
')
|
|
|
|
files_search_usr($1)
|
|
allow $1 amanda_usr_lib_t:dir manage_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and append amanda logs.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`amanda_append_log_files',`
|
|
gen_require(`
|
|
type amanda_log_t;
|
|
')
|
|
|
|
logging_search_logs($1)
|
|
allow $1 amanda_log_t:file { read_file_perms append_file_perms };
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Search Amanda var library directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`amanda_search_var_lib',`
|
|
gen_require(`
|
|
type amanda_var_lib_t;
|
|
')
|
|
|
|
files_search_var_lib($1)
|
|
allow $1 amanda_var_lib_t:dir search_dir_perms;
|
|
')
|