Blame policy/modules/services/tor.if
|
Chris PeBenito |
17de1b7 |
## <summary>TOR, the onion router</summary>
|
|
Chris PeBenito |
17de1b7 |
|
|
Chris PeBenito |
17de1b7 |
########################################
|
|
Chris PeBenito |
17de1b7 |
## <summary>
|
|
Chris PeBenito |
17de1b7 |
## Execute a domain transition to run TOR.
|
|
Chris PeBenito |
17de1b7 |
## </summary>
|
|
Chris PeBenito |
17de1b7 |
## <param name="domain">
|
|
Chris PeBenito |
17de1b7 |
## <summary>
|
|
Chris PeBenito |
17de1b7 |
## Domain allowed to transition.
|
|
Chris PeBenito |
17de1b7 |
## </summary>
|
|
Chris PeBenito |
17de1b7 |
## </param>
|
|
Chris PeBenito |
17de1b7 |
#
|
|
Chris PeBenito |
17de1b7 |
interface(`tor_domtrans',`
|
|
Chris PeBenito |
17de1b7 |
gen_require(`
|
|
Chris PeBenito |
17de1b7 |
type tor_t, tor_exec_t;
|
|
Chris PeBenito |
17de1b7 |
')
|
|
Chris PeBenito |
17de1b7 |
|
|
Chris PeBenito |
17de1b7 |
domain_auto_trans($1,tor_exec_t,tor_t)
|
|
Chris PeBenito |
17de1b7 |
|
|
Chris PeBenito |
17de1b7 |
allow $1 tor_t:fd use;
|
|
Chris PeBenito |
17de1b7 |
allow tor_t $1:fd use;
|
|
Chris PeBenito |
17de1b7 |
allow tor_t $1:fifo_file rw_file_perms;
|
|
Chris PeBenito |
17de1b7 |
allow tor_t $1:process sigchld;
|
|
Chris PeBenito |
17de1b7 |
')
|