selinux-policy/policy/modules/services/puppet.if
2009-11-11 11:28:50 -05:00

32 lines
780 B
Plaintext

## <summary>Puppet client daemon</summary>
## <desc>
## <p>
## Puppet is a configuration management system written in Ruby.
## The client daemon is responsible for periodically requesting the
## desired system state from the server and ensuring the state of
## the client system matches.
## </p>
## </desc>
################################################
## <summary>
## Read / Write to Puppet temp files. Puppet uses
## some system binaries (groupadd, etc) that run in
## a non-puppet domain and redirects output into temp
## files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`puppet_rw_tmp', `
gen_require(`
type puppet_tmp_t;
')
allow $1 puppet_tmp_t:file rw_file_perms;
files_search_tmp($1)
')