|
|
1ec3d1a |
## <summary>Administration Server for Directory Server, dirsrv-admin.</summary>
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Exec dirsrv-admin programs.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`dirsrvadmin_run_exec',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type dirsrvadmin_exec_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 dirsrvadmin_exec_t:dir search_dir_perms;
|
|
|
1ec3d1a |
can_exec($1, dirsrvadmin_exec_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Exec cgi programs.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`dirsrvadmin_run_httpd_script_exec',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type httpd_dirsrvadmin_script_exec_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 httpd_dirsrvadmin_script_exec_t:dir search_dir_perms;
|
|
|
1ec3d1a |
can_exec($1, httpd_dirsrvadmin_script_exec_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Manage dirsrv-adminserver configuration files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`dirsrvadmin_read_config',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type dirsrvadmin_config_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
read_files_pattern($1, dirsrvadmin_config_t, dirsrvadmin_config_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Manage dirsrv-adminserver configuration files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`dirsrvadmin_manage_config',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type dirsrvadmin_config_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 dirsrvadmin_config_t:dir manage_dir_perms;
|
|
|
1ec3d1a |
allow $1 dirsrvadmin_config_t:file manage_file_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Read dirsrv-adminserver tmp files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`dirsrvadmin_read_tmp',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type dirsrvadmin_tmp_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
read_files_pattern($1, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Manage dirsrv-adminserver tmp files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`dirsrvadmin_manage_tmp',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type dirsrvadmin_tmp_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
manage_files_pattern($1, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
|
|
|
1ec3d1a |
manage_dirs_pattern($1, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execute admin cgi programs in caller domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`dirsrvadmin_domtrans_unconfined_script_t',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type dirsrvadmin_unconfined_script_t;
|
|
|
1ec3d1a |
type dirsrvadmin_unconfined_script_exec_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
domtrans_pattern($1, dirsrvadmin_unconfined_script_exec_t, dirsrvadmin_unconfined_script_t)
|
|
|
1ec3d1a |
allow $1 dirsrvadmin_unconfined_script_t:process signal_perms;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
')
|