selinux-policy/policy/modules/admin/amanda.if
Dominick Grift 8296eb2261 Clean up Amanda module.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-09 08:13:13 -04:00

162 lines
3.1 KiB
Plaintext

## <summary>Advanced Maryland Automatic Network Disk Archiver.</summary>
########################################
## <summary>
## Execute a domain transition to run
## Amanda recover.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`amanda_domtrans_recover',`
gen_require(`
type amanda_recover_t, amanda_recover_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, amanda_recover_exec_t, amanda_recover_t)
')
########################################
## <summary>
## Execute a domain transition to run
## Amanda recover, and allow the specified
## role the Amanda recover domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`amanda_run_recover',`
gen_require(`
type amanda_recover_t;
')
amanda_domtrans_recover($1)
role $2 types amanda_recover_t;
')
########################################
## <summary>
## Search Amanda library directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`amanda_search_lib',`
gen_require(`
type amanda_usr_lib_t;
')
files_search_usr($1)
allow $1 amanda_usr_lib_t:dir search_dir_perms;
')
########################################
## <summary>
## Do not audit attempts to read /etc/dumpdates.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`amanda_dontaudit_read_dumpdates',`
gen_require(`
type amanda_dumpdates_t;
')
dontaudit $1 amanda_dumpdates_t:file { getattr read };
')
########################################
## <summary>
## Read and write /etc/dumpdates.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`amanda_rw_dumpdates_files',`
gen_require(`
type amanda_dumpdates_t;
')
files_search_etc($1)
allow $1 amanda_dumpdates_t:file rw_file_perms;
')
########################################
## <summary>
## Search Amanda library directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`amanda_manage_lib',`
gen_require(`
type amanda_usr_lib_t;
')
files_search_usr($1)
allow $1 amanda_usr_lib_t:dir manage_dir_perms;
')
########################################
## <summary>
## Read and append amanda logs.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`amanda_append_log_files',`
gen_require(`
type amanda_log_t;
')
logging_search_logs($1)
allow $1 amanda_log_t:file { read_file_perms append_file_perms };
')
#######################################
## <summary>
## Search Amanda var library directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`amanda_search_var_lib',`
gen_require(`
type amanda_var_lib_t;
')
files_search_var_lib($1)
allow $1 amanda_var_lib_t:dir search_dir_perms;
')