61f4064286
Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. Use list instead of search in admin interfaces. Use list instead of search in admin interfaces.
112 lines
2.1 KiB
Plaintext
112 lines
2.1 KiB
Plaintext
## <summary>Kernel crash dumping mechanism</summary>
|
|
|
|
######################################
|
|
## <summary>
|
|
## Execute kdump in the kdump domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`kdump_domtrans',`
|
|
gen_require(`
|
|
type kdump_t, kdump_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domtrans_pattern($1, kdump_exec_t, kdump_t)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Execute kdump in the kdump domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`kdump_initrc_domtrans',`
|
|
gen_require(`
|
|
type kdump_initrc_exec_t;
|
|
')
|
|
|
|
init_labeled_script_domtrans($1, kdump_initrc_exec_t)
|
|
')
|
|
|
|
#####################################
|
|
## <summary>
|
|
## Read kdump configuration file.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`kdump_read_config',`
|
|
gen_require(`
|
|
type kdump_etc_t;
|
|
')
|
|
|
|
files_search_etc($1)
|
|
allow $1 kdump_etc_t:file read_file_perms;
|
|
')
|
|
|
|
####################################
|
|
## <summary>
|
|
## Manage kdump configuration file.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`kdump_manage_config',`
|
|
gen_require(`
|
|
type kdump_etc_t;
|
|
')
|
|
|
|
files_search_etc($1)
|
|
allow $1 kdump_etc_t:file manage_file_perms;
|
|
')
|
|
|
|
######################################
|
|
## <summary>
|
|
## All of the rules required to administrate
|
|
## an kdump environment
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## The role to be allowed to manage the kdump domain.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`kdump_admin',`
|
|
gen_require(`
|
|
type kdump_t, kdump_etc_t;
|
|
type kdump_initrc_exec_t;
|
|
')
|
|
|
|
allow $1 kdump_t:process { ptrace signal_perms };
|
|
ps_process_pattern($1, kdump_t)
|
|
|
|
init_labeled_script_domtrans($1, kdump_initrc_exec_t)
|
|
domain_system_change_exemption($1)
|
|
role_transition $2 kdump_initrc_exec_t system_r;
|
|
allow $2 system_r;
|
|
|
|
files_list_etc($1)
|
|
admin_pattern($1, kdump_etc_t)
|
|
')
|