psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

Blame dbadm.te

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master master-docker master_contrib private-master-atomic-policy private-master-migrate-to-var-lib-selinux requires tests
  1.   d20ab32567945a2e100cef5d3ee94693e19b01a7
  2.   dbadm.te
Blob History Raw
Dominick Grift 9aa2bb3 
policy_module(dbadm, 1.0.1)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
# Declarations
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
## <desc>
Dominick Grift 9aa2bb3 
##
Dominick Grift 9aa2bb3 
##	Determine whether dbadm can manage
Dominick Grift 9aa2bb3 
##	files in users home directories.
Dominick Grift 9aa2bb3 
##
Chris PeBenito 9401ae1 
## </desc>
Chris PeBenito 9401ae1 
gen_tunable(dbadm_manage_user_files, false)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
## <desc>
Dominick Grift 9aa2bb3 
##
Dominick Grift 9aa2bb3 
##	Determine whether dbadm can read
Dominick Grift 9aa2bb3 
##	files in users home directories.
Dominick Grift 9aa2bb3 
##
Chris PeBenito 9401ae1 
## </desc>
Chris PeBenito 9401ae1 
gen_tunable(dbadm_read_user_files, false)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
role dbadm_r;
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
userdom_base_user_template(dbadm)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
#
Dominick Grift 9aa2bb3 
# Local policy
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
allow dbadm_t self:capability { dac_override dac_read_search sys_ptrace };
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
files_dontaudit_search_all_dirs(dbadm_t)
Chris PeBenito 9401ae1 
files_delete_generic_locks(dbadm_t)
Chris PeBenito 9401ae1 
files_list_var(dbadm_t)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
selinux_get_enforce_mode(dbadm_t)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
logging_send_syslog_msg(dbadm_t)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
userdom_dontaudit_search_user_home_dirs(dbadm_t)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
tunable_policy(`dbadm_manage_user_files',`
Chris PeBenito 9401ae1 
	userdom_manage_user_home_content_files(dbadm_t)
Chris PeBenito 9401ae1 
	userdom_read_user_tmp_files(dbadm_t)
Chris PeBenito 9401ae1 
	userdom_write_user_tmp_files(dbadm_t)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
tunable_policy(`dbadm_read_user_files',`
Chris PeBenito 9401ae1 
	userdom_read_user_home_content_files(dbadm_t)
Chris PeBenito 9401ae1 
	userdom_read_user_tmp_files(dbadm_t)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
optional_policy(`
Chris PeBenito 9401ae1 
	mysql_admin(dbadm_t, dbadm_r)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
optional_policy(`
Chris PeBenito 9401ae1 
	postgresql_admin(dbadm_t, dbadm_r)
Chris PeBenito 9401ae1 
')
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.