selinux-policy/policy/modules/services/rwho.if
Dominick Grift 2a724571c9 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-21 13:49:58 +02:00

155 lines
2.9 KiB
Plaintext

## <summary>Who is logged in on other machines?</summary>
########################################
## <summary>
## Execute a domain transition to run rwho.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`rwho_domtrans',`
gen_require(`
type rwho_t, rwho_exec_t;
')
domtrans_pattern($1, rwho_exec_t, rwho_t)
')
########################################
## <summary>
## Search rwho log directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`rwho_search_log',`
gen_require(`
type rwho_log_t;
')
allow $1 rwho_log_t:dir search_dir_perms;
logging_search_logs($1)
')
########################################
## <summary>
## Read rwho log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`rwho_read_log_files',`
gen_require(`
type rwho_log_t;
')
allow $1 rwho_log_t:file read_file_perms;
allow $1 rwho_log_t:dir list_dir_perms;
logging_search_logs($1)
')
########################################
## <summary>
## Search rwho spool directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`rwho_search_spool',`
gen_require(`
type rwho_spool_t;
')
allow $1 rwho_spool_t:dir search_dir_perms;
files_search_spool($1)
')
########################################
## <summary>
## Read rwho spool files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`rwho_read_spool_files',`
gen_require(`
type rwho_spool_t;
')
read_files_pattern($1, rwho_spool_t, rwho_spool_t)
files_search_spool($1)
')
########################################
## <summary>
## Create, read, write, and delete
## rwho spool files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`rwho_manage_spool_files',`
gen_require(`
type rwho_spool_t;
')
manage_files_pattern($1, rwho_spool_t, rwho_spool_t)
files_search_spool($1)
')
########################################
## <summary>
## All of the rules required to administrate
## an rwho environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`rwho_admin',`
gen_require(`
type rwho_t, rwho_log_t, rwho_spool_t;
type rwho_initrc_exec_t;
')
allow $1 rwho_t:process { ptrace signal_perms };
ps_process_pattern($1, rwho_t)
init_labeled_script_domtrans($1, rwho_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 rwho_initrc_exec_t system_r;
allow $2 system_r;
logging_list_logs($1)
admin_pattern($1, rwho_log_t)
files_list_spool($1)
admin_pattern($1, rwho_spool_t)
')