selinux-policy/policy/modules/services/ulogd.if
Dominick Grift 61f4064286 Use list instead of search in admin interfaces.
Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.
2010-09-20 18:18:44 +02:00

143 lines
2.9 KiB
Plaintext

## <summary>Iptables/netfilter userspace logging daemon.</summary>
########################################
## <summary>
## Execute a domain transition to run ulogd.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`ulogd_domtrans',`
gen_require(`
type ulogd_t, ulogd_exec_t;
')
domtrans_pattern($1, ulogd_exec_t, ulogd_t)
')
########################################
## <summary>
## Allow the specified domain to read
## ulogd configuration files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`ulogd_read_config',`
gen_require(`
type ulogd_etc_t;
')
files_search_etc($1)
read_files_pattern($1, ulogd_etc_t, ulogd_etc_t)
')
########################################
## <summary>
## Allow the specified domain to read ulogd's log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`ulogd_read_log',`
gen_require(`
type ulogd_var_log_t;
')
logging_search_logs($1)
allow $1 ulogd_var_log_t:dir list_dir_perms;
read_files_pattern($1, ulogd_var_log_t, ulogd_var_log_t)
')
#######################################
## <summary>
## Allow the specified domain to search ulogd's log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`ulogd_search_log',`
gen_require(`
type ulogd_var_log_t;
')
logging_search_logs($1)
allow $1 ulogd_var_log_t:dir search_dir_perms;
')
########################################
## <summary>
## Allow the specified domain to append to ulogd's log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`ulogd_append_log',`
gen_require(`
type ulogd_var_log_t;
')
logging_search_logs($1)
allow $1 ulogd_var_log_t:dir list_dir_perms;
allow $1 ulogd_var_log_t:file append_file_perms;
')
########################################
## <summary>
## All of the rules required to administrate
## an ulogd environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the syslog domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`ulogd_admin',`
gen_require(`
type ulogd_t, ulogd_etc_t, ulogd_modules_t;
type ulogd_var_log_t, ulogd_initrc_exec_t;
')
allow $1 ulogd_t:process { ptrace signal_perms };
ps_process_pattern($1, ulogd_t)
init_labeled_script_domtrans($1, ulogd_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 ulogd_initrc_exec_t system_r;
allow $2 system_r;
files_list_etc($1)
admin_pattern($1, ulogd_etc_t)
logging_list_logs($1)
admin_pattern($1, ulogd_var_log_t)
files_list_usr($1)
admin_pattern($1, ulogd_modules_t)
')