|
|
1ec3d1a |
## <summary>RAID array management tools</summary>
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execute software raid tools in the mdadm domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed to transition.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`raid_domtrans_mdadm',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mdadm_t, mdadm_exec_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
corecmd_search_bin($1)
|
|
|
1ec3d1a |
domtrans_pattern($1, mdadm_exec_t, mdadm_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execute a domain transition to mdadm_t for the
|
|
|
1ec3d1a |
## specified role, allowing it to use the mdadm_t
|
|
|
1ec3d1a |
## domain
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="role">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Role allowed to access mdadm_t domain
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed to transition to mdadm_t
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`raid_run_mdadm',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mdadm_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
role $1 types mdadm_t;
|
|
|
1ec3d1a |
raid_domtrans_mdadm($2)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## read the mdadm pid files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`raid_read_mdadm_pid',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mdadm_var_run_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
read_files_pattern($1, mdadm_var_run_t, mdadm_var_run_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Create, read, write, and delete the mdadm pid files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <desc>
|
|
|
1ec3d1a |
##
|
|
|
1ec3d1a |
## Create, read, write, and delete the mdadm pid files.
|
|
|
1ec3d1a |
##
|
|
|
1ec3d1a |
##
|
|
|
1ec3d1a |
## Added for use in the init module.
|
|
|
1ec3d1a |
##
|
|
|
1ec3d1a |
## </desc>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`raid_manage_mdadm_pid',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type mdadm_var_run_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
# FIXME: maybe should have a type_transition. not
|
|
|
1ec3d1a |
# clear what this is doing, from the original
|
|
|
1ec3d1a |
# mdadm policy
|
|
|
1ec3d1a |
allow $1 mdadm_var_run_t:file manage_file_perms;
|
|
|
1ec3d1a |
')
|