selinux-policy/policy/modules/services/smartmon.if
Dominick Grift f92662114a Search parent directory to be able to interact with target content.
Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.

Search parent directory to be able to interact with target content.
2010-09-16 12:18:33 +02:00

59 lines
1.2 KiB
Plaintext

## <summary>Smart disk monitoring daemon policy</summary>
#######################################
## <summary>
## Allow caller to read smartmon temporary files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`smartmon_read_tmp_files',`
gen_require(`
type fsdaemon_tmp_t;
')
files_search_tmp($1)
allow $1 fsdaemon_tmp_t:file read_file_perms;
')
########################################
## <summary>
## All of the rules required to administrate
## an smartmon environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`smartmon_admin',`
gen_require(`
type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_var_run_t;
type fsdaemon_initrc_exec_t;
')
allow $1 fsdaemon_t:process { ptrace signal_perms getattr };
ps_process_pattern($1, fsdaemon_t)
init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 fsdaemon_initrc_exec_t system_r;
allow $2 system_r;
files_list_tmp($1)
admin_pattern($1, fsdaemon_tmp_t)
files_list_pids($1)
admin_pattern($1, fsdaemon_var_run_t)
')