102 lines
2.1 KiB
Plaintext
102 lines
2.1 KiB
Plaintext
## <summary>Line printer daemon</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute lpd in the lpd domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## Domain allowed access.
|
|
## </param>
|
|
#
|
|
interface(`lpd_domtrans_checkpc',`
|
|
gen_require(`
|
|
type checkpc_t, checkpc_exec_t;
|
|
')
|
|
|
|
domain_auto_trans($1,checkpc_exec_t,checkpc_t)
|
|
|
|
allow $1 checkpc_t:fd use;
|
|
allow checkpc_t $1:fd use;
|
|
allow checkpc_t $1:fifo_file rw_file_perms;
|
|
allow checkpc_t $1:process sigchld;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute amrecover in the lpd domain, and
|
|
## allow the specified role the lpd domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## Domain allowed access.
|
|
## </param>
|
|
## <param name="role">
|
|
## The role to be allowed the lpd domain.
|
|
## </param>
|
|
## <param name="terminal">
|
|
## The type of the terminal allow the lpd domain to use.
|
|
## </param>
|
|
#
|
|
interface(`lpd_run_checkpc',`
|
|
gen_require(`
|
|
type checkpc_t;
|
|
')
|
|
|
|
lpd_domtrans_checkpc($1)
|
|
role $2 types checkpc_t;
|
|
allow checkpc_t $3:chr_file rw_term_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List the contents of the printer spool directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## Domain allowed access.
|
|
## </param>
|
|
#
|
|
interface(`lpd_list_spool',`
|
|
gen_require(`
|
|
type print_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
allow $1 print_spool_t:dir list_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete printer spool files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## Domain allowed access.
|
|
## </param>
|
|
#
|
|
interface(`lpd_manage_spool',`
|
|
gen_require(`
|
|
type print_spool_t;
|
|
')
|
|
|
|
files_search_spool($1)
|
|
|
|
# cjp: cups wants setattr
|
|
allow $1 print_spool_t:dir { rw_dir_perms setattr };
|
|
allow $1 print_spool_t:file manage_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## List the contents of the printer spool directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## Domain allowed access.
|
|
## </param>
|
|
#
|
|
interface(`lpd_read_config',`
|
|
gen_require(`
|
|
type printconf_t;
|
|
')
|
|
|
|
allow $1 printconf_t:dir list_dir_perms;
|
|
allow $1 printconf_t:file r_file_perms;
|
|
')
|