selinux-policy/policy/modules/services/icecast.if
Dominick Grift 1976ddda24 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-20 18:15:28 +02:00

188 lines
3.6 KiB
Plaintext

## <summary> ShoutCast compatible streaming media server</summary>
########################################
## <summary>
## Execute a domain transition to run icecast.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`icecast_domtrans',`
gen_require(`
type icecast_t, icecast_exec_t;
')
domtrans_pattern($1, icecast_exec_t, icecast_t)
')
########################################
## <summary>
## Allow domain signal icecast
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`icecast_signal',`
gen_require(`
type icecast_t;
')
allow $1 icecast_t:process signal;
')
########################################
## <summary>
## Execute icecast server in the icecast domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`icecast_initrc_domtrans',`
gen_require(`
type icecast_initrc_exec_t;
')
init_labeled_script_domtrans($1, icecast_initrc_exec_t)
')
########################################
## <summary>
## Read icecast PID files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`icecast_read_pid_files',`
gen_require(`
type icecast_var_run_t;
')
files_search_pids($1)
allow $1 icecast_var_run_t:file read_file_perms;
')
########################################
## <summary>
## Manage icecast pid files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`icecast_manage_pid_files',`
gen_require(`
type icecast_var_run_t;
')
files_search_pids($1)
manage_files_pattern($1, icecast_var_run_t, icecast_var_run_t)
')
########################################
## <summary>
## Allow the specified domain to read icecast's log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`icecast_read_log',`
gen_require(`
type icecast_log_t;
')
logging_search_logs($1)
read_files_pattern($1, icecast_log_t, icecast_log_t)
')
########################################
## <summary>
## Allow the specified domain to append
## icecast log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`icecast_append_log',`
gen_require(`
type icecast_log_t;
')
logging_search_logs($1)
append_files_pattern($1, icecast_log_t, icecast_log_t)
')
########################################
## <summary>
## Allow domain to manage icecast log files
## </summary>
## <param name="domain">
## <summary>
## Domain allow access.
## </summary>
## </param>
#
interface(`icecast_manage_log',`
gen_require(`
type icecast_log_t;
')
logging_search_logs($1)
manage_files_pattern($1, icecast_log_t, icecast_log_t)
')
########################################
## <summary>
## All of the rules required to administrate
## an icecast environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`icecast_admin',`
gen_require(`
type icecast_t, icecast_initrc_exec_t;
')
allow $1 icecast_t:process { ptrace signal_perms };
ps_process_pattern($1, icecast_t)
# Allow icecast_t to restart the apache service
icecast_initrc_domtrans($1)
domain_system_change_exemption($1)
role_transition $2 icecast_initrc_exec_t system_r;
allow $2 system_r;
icecast_manage_pid_files($1)
icecast_manage_log($1)
')