2f94f46028
Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Signed-off-by: Dominick Grift <domg472@gmail.com> Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible.
129 lines
2.4 KiB
Plaintext
129 lines
2.4 KiB
Plaintext
## <summary>Dynamic adaptive system tuning daemon</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run tuned.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`tuned_domtrans',`
|
|
gen_require(`
|
|
type tuned_t, tuned_exec_t;
|
|
')
|
|
|
|
domtrans_pattern($1, tuned_exec_t, tuned_t)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Execute tuned in the caller domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`tuned_exec',`
|
|
gen_require(`
|
|
type tuned_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
can_exec($1, tuned_exec_t)
|
|
')
|
|
|
|
######################################
|
|
## <summary>
|
|
## Read tuned PID files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`tuned_read_pid_files',`
|
|
gen_require(`
|
|
type tuned_var_run_t;
|
|
')
|
|
|
|
files_search_pids($1)
|
|
read_files_pattern($1, tuned_var_run_t, tuned_var_run_t)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Manage tuned PID files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`tuned_manage_pid_files',`
|
|
gen_require(`
|
|
type tuned_var_run_t;
|
|
')
|
|
|
|
files_search_pids($1)
|
|
manage_files_pattern($1, tuned_var_run_t, tuned_var_run_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute tuned server in the tuned domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`tuned_initrc_domtrans',`
|
|
gen_require(`
|
|
type tuned_initrc_exec_t;
|
|
')
|
|
|
|
init_labeled_script_domtrans($1, tuned_initrc_exec_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to administrate
|
|
## an tuned environment
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`tuned_admin',`
|
|
gen_require(`
|
|
type tuned_t, tuned_var_run_t, tuned_initrc_exec_t;
|
|
')
|
|
|
|
allow $1 tuned_t:process { ptrace signal_perms };
|
|
ps_process_pattern($1, tuned_t)
|
|
|
|
tuned_initrc_domtrans($1)
|
|
domain_system_change_exemption($1)
|
|
role_transition $2 tuned_initrc_exec_t system_r;
|
|
allow $2 system_r;
|
|
|
|
files_search_pids($1)
|
|
admin_pattern($1, tuned_var_run_t)
|
|
')
|