psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

Blame dbadm.te

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master master-docker master_contrib private-master-atomic-policy private-master-migrate-to-var-lib-selinux requires tests
  1.   master_contrib
  2.   dbadm.te
Blob History Raw
Dominick Grift 9aa2bb3 
policy_module(dbadm, 1.0.1)
1ec3d1a
1ec3d1a 
########################################
1ec3d1a 
#
1ec3d1a 
# Declarations
1ec3d1a 
#
1ec3d1a
1ec3d1a 
## <desc>
Dominick Grift 9aa2bb3 
##
Dominick Grift 9aa2bb3 
##	Determine whether dbadm can manage
Dominick Grift 879b4f3 
##	generic user files.
Dominick Grift 9aa2bb3 
##
1ec3d1a 
## </desc>
1ec3d1a 
gen_tunable(dbadm_manage_user_files, false)
1ec3d1a
1ec3d1a 
## <desc>
Dominick Grift 9aa2bb3 
##
Dominick Grift 9aa2bb3 
##	Determine whether dbadm can read
Dominick Grift 879b4f3 
##	generic user files.
Dominick Grift 9aa2bb3 
##
1ec3d1a 
## </desc>
1ec3d1a 
gen_tunable(dbadm_read_user_files, false)
1ec3d1a
1ec3d1a 
role dbadm_r;
1ec3d1a
1ec3d1a 
userdom_base_user_template(dbadm)
1ec3d1a
1ec3d1a 
########################################
1ec3d1a 
#
Dominick Grift 9aa2bb3 
# Local policy
1ec3d1a 
#
1ec3d1a
1ec3d1a 
allow dbadm_t self:capability { dac_override dac_read_search };
1ec3d1a
1ec3d1a 
files_dontaudit_search_all_dirs(dbadm_t)
1ec3d1a 
files_delete_generic_locks(dbadm_t)
1ec3d1a 
files_list_var(dbadm_t)
1ec3d1a
1ec3d1a 
selinux_get_enforce_mode(dbadm_t)
1ec3d1a
1ec3d1a 
logging_send_syslog_msg(dbadm_t)
1ec3d1a 
logging_send_audit_msgs(dbadm_t)
1ec3d1a
1ec3d1a 
userdom_dontaudit_search_user_home_dirs(dbadm_t)
1ec3d1a
1ec3d1a 
tunable_policy(`dbadm_manage_user_files',`
1ec3d1a 
	userdom_manage_user_home_content_files(dbadm_t)
1ec3d1a 
	userdom_read_user_tmp_files(dbadm_t)
1ec3d1a 
	userdom_write_user_tmp_files(dbadm_t)
1ec3d1a 
')
1ec3d1a
1ec3d1a 
tunable_policy(`dbadm_read_user_files',`
1ec3d1a 
	userdom_read_user_home_content_files(dbadm_t)
1ec3d1a 
	userdom_read_user_tmp_files(dbadm_t)
1ec3d1a 
')
1ec3d1a
1ec3d1a 
optional_policy(`
1ec3d1a 
	mysql_admin(dbadm_t, dbadm_r)
1ec3d1a 
')
1ec3d1a
1ec3d1a 
optional_policy(`
1ec3d1a 
	postgresql_admin(dbadm_t, dbadm_r)
1ec3d1a 
')
1ec3d1a
1ec3d1a 
optional_policy(`
1ec3d1a 
	sudo_role_template(dbadm, dbadm_r, dbadm_t)
1ec3d1a 
')
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.