|
Dominick Grift |
8d4335e |
## <summary>Log analyzer for squid proxy.</summary>
|
|
Dominick Grift |
8d4335e |
|
|
Dominick Grift |
8d4335e |
########################################
|
|
Dominick Grift |
8d4335e |
## <summary>
|
|
Dominick Grift |
8d4335e |
## Execute the lightsquid program in
|
|
Dominick Grift |
8d4335e |
## the lightsquid domain.
|
|
Dominick Grift |
8d4335e |
## </summary>
|
|
Dominick Grift |
8d4335e |
## <param name="domain">
|
|
Dominick Grift |
8d4335e |
## <summary>
|
|
Dominick Grift |
8d4335e |
## Domain allowed to transition.
|
|
Dominick Grift |
8d4335e |
## </summary>
|
|
Dominick Grift |
8d4335e |
## </param>
|
|
Dominick Grift |
8d4335e |
#
|
|
Dominick Grift |
8d4335e |
interface(`lightsquid_domtrans',`
|
|
Dominick Grift |
8d4335e |
gen_require(`
|
|
Dominick Grift |
8d4335e |
type lightsquid_t, lightsquid_exec_t;
|
|
Dominick Grift |
8d4335e |
')
|
|
Dominick Grift |
8d4335e |
|
|
Dominick Grift |
8d4335e |
corecmd_search_bin($1)
|
|
Dominick Grift |
8d4335e |
domtrans_pattern($1, lightsquid_exec_t, lightsquid_t)
|
|
Dominick Grift |
8d4335e |
')
|
|
Dominick Grift |
8d4335e |
|
|
Dominick Grift |
8d4335e |
########################################
|
|
Dominick Grift |
8d4335e |
## <summary>
|
|
Dominick Grift |
8d4335e |
## Execute lightsquid in the
|
|
Dominick Grift |
8d4335e |
## lightsquid domain, and allow the
|
|
Dominick Grift |
8d4335e |
## specified role the lightsquid domain.
|
|
Dominick Grift |
8d4335e |
## </summary>
|
|
Dominick Grift |
8d4335e |
## <param name="domain">
|
|
Dominick Grift |
8d4335e |
## <summary>
|
|
Dominick Grift |
8d4335e |
## Domain allowed to transition.
|
|
Dominick Grift |
8d4335e |
## </summary>
|
|
Dominick Grift |
8d4335e |
## </param>
|
|
Dominick Grift |
8d4335e |
## <param name="role">
|
|
Dominick Grift |
8d4335e |
## <summary>
|
|
Dominick Grift |
8d4335e |
## Role allowed access.
|
|
Dominick Grift |
8d4335e |
## </summary>
|
|
Dominick Grift |
8d4335e |
## </param>
|
|
Dominick Grift |
8d4335e |
#
|
|
Dominick Grift |
8d4335e |
interface(`lightsquid_run',`
|
|
Dominick Grift |
8d4335e |
gen_require(`
|
|
Dominick Grift |
f5315a6 |
attribute_role lightsquid_roles;
|
|
Dominick Grift |
8d4335e |
')
|
|
Dominick Grift |
8d4335e |
|
|
Dominick Grift |
8d4335e |
lightsquid_domtrans($1)
|
|
Dominick Grift |
f5315a6 |
roleattribute $2 lightsquid_roles;
|
|
Dominick Grift |
8d4335e |
')
|
|
Dominick Grift |
fdb39ab |
|
|
Dominick Grift |
fdb39ab |
########################################
|
|
Dominick Grift |
fdb39ab |
## <summary>
|
|
Dominick Grift |
fdb39ab |
## All of the rules required to
|
|
Dominick Grift |
fdb39ab |
## administrate an lightsquid environment.
|
|
Dominick Grift |
fdb39ab |
## </summary>
|
|
Dominick Grift |
fdb39ab |
## <param name="domain">
|
|
Dominick Grift |
fdb39ab |
## <summary>
|
|
Dominick Grift |
fdb39ab |
## Domain allowed access.
|
|
Dominick Grift |
fdb39ab |
## </summary>
|
|
Dominick Grift |
fdb39ab |
## </param>
|
|
Dominick Grift |
fdb39ab |
## <param name="role">
|
|
Dominick Grift |
fdb39ab |
## <summary>
|
|
Dominick Grift |
fdb39ab |
## Role allowed access.
|
|
Dominick Grift |
fdb39ab |
## </summary>
|
|
Dominick Grift |
fdb39ab |
## </param>
|
|
Dominick Grift |
fdb39ab |
## <rolecap/>
|
|
Dominick Grift |
fdb39ab |
#
|
|
Dominick Grift |
fdb39ab |
interface(`lightsquid_admin',`
|
|
Dominick Grift |
fdb39ab |
gen_require(`
|
|
Dominick Grift |
fdb39ab |
type lightsquid_t, lightsquid_rw_content_t;
|
|
Dominick Grift |
fdb39ab |
')
|
|
Dominick Grift |
fdb39ab |
|
|
Dominick Grift |
fdb39ab |
allow $1 lightsquid_t:process { ptrace signal_perms };
|
|
Dominick Grift |
fdb39ab |
ps_process_pattern($1, lightsquid_t)
|
|
Dominick Grift |
fdb39ab |
|
|
Dominick Grift |
fdb39ab |
lightsquid_run($1, $2)
|
|
Dominick Grift |
fdb39ab |
|
|
Dominick Grift |
fdb39ab |
files_search_var_lib($1)
|
|
Dominick Grift |
fdb39ab |
admin_pattern($1, lightsquid_rw_content_t)
|
|
Dominick Grift |
fdb39ab |
|
|
Dominick Grift |
fdb39ab |
apache_list_sys_content($1)
|
|
Dominick Grift |
fdb39ab |
')
|