selinux-policy/policy/modules/services/vnstatd.if
Dominick Grift 61f4064286 Use list instead of search in admin interfaces.
Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.

Use list instead of search in admin interfaces.
2010-09-20 18:18:44 +02:00

151 lines
2.8 KiB
Plaintext

## <summary>policy for vnstatd</summary>
########################################
## <summary>
## Execute a domain transition to run vnstatd.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`vnstatd_domtrans',`
gen_require(`
type vnstatd_t, vnstatd_exec_t;
')
domtrans_pattern($1, vnstatd_exec_t, vnstatd_t)
')
########################################
## <summary>
## Execute a domain transition to run vnstat.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`vnstatd_domtrans_vnstat',`
gen_require(`
type vnstat_t, vnstat_exec_t;
')
domtrans_pattern($1, vnstat_exec_t, vnstat_t)
')
########################################
## <summary>
## Search vnstatd lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`vnstatd_search_lib',`
gen_require(`
type vnstatd_var_lib_t;
')
allow $1 vnstatd_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
########################################
## <summary>
## Read vnstatd lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`vnstatd_read_lib_files',`
gen_require(`
type vnstatd_var_lib_t;
')
files_search_var_lib($1)
read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
')
########################################
## <summary>
## Create, read, write, and delete
## vnstatd lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`vnstatd_manage_lib_files',`
gen_require(`
type vnstatd_var_lib_t;
')
files_search_var_lib($1)
manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
')
########################################
## <summary>
## Manage vnstatd lib dirs files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`vnstatd_manage_lib_dirs',`
gen_require(`
type vnstatd_var_lib_t;
')
files_search_var_lib($1)
manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
')
########################################
## <summary>
## All of the rules required to administrate
## an vnstatd environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`vnstatd_admin',`
gen_require(`
type vnstatd_t;
type vnstatd_var_lib_t;
')
allow $1 vnstatd_t:process { ptrace signal_perms };
ps_process_pattern($1, vnstatd_t)
files_list_var_lib($1)
admin_pattern($1, vnstatd_var_lib_t)
')