psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

Blame shutdown.if

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master master-docker master_contrib private-master-atomic-policy private-master-migrate-to-var-lib-selinux requires tests
  1.   8729d09a241ca122ea0a6f10cc2c1717e84a5306
  2.   shutdown.if
Blob History Raw
Dominick Grift a82c6bb 
## <summary>System shutdown command.</summary>
Dominick Grift a82c6bb
Dominick Grift a82c6bb 
########################################
Dominick Grift a82c6bb 
## <summary>
Dominick Grift 2a044b1 
##	Role access for shutdown.
Dominick Grift a82c6bb 
## </summary>
Dominick Grift a82c6bb 
## <param name="role">
Dominick Grift a82c6bb 
##	<summary>
Dominick Grift 2a044b1 
##	Role allowed access.
Dominick Grift a82c6bb 
##	</summary>
Dominick Grift a82c6bb 
## </param>
Dominick Grift a82c6bb 
## <param name="domain">
Dominick Grift a82c6bb 
##	<summary>
Dominick Grift 2a044b1 
##	User domain for the role.
Dominick Grift a82c6bb 
##	</summary>
Dominick Grift a82c6bb 
## </param>
Dominick Grift a82c6bb 
#
Dominick Grift a82c6bb 
interface(`shutdown_role',`
Dominick Grift a82c6bb 
	gen_require(`
Dominick Grift a82c6bb 
		type shutdown_t;
Dominick Grift a82c6bb 
	')
Dominick Grift a82c6bb
Dominick Grift a82c6bb 
	shutdown_run($2, $1)
Dominick Grift a82c6bb
Dominick Grift a82c6bb 
	allow $2 shutdown_t:process { ptrace signal_perms };
Dominick Grift a82c6bb 
	ps_process_pattern($2, shutdown_t)
Dominick Grift a82c6bb 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Chris PeBenito 9401ae1 
##	Execute a domain transition to run shutdown.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
## <summary>
Chris PeBenito 9401ae1 
##	Domain allowed to transition.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`shutdown_domtrans',`
Chris PeBenito 9401ae1 
	gen_require(`
Chris PeBenito 9401ae1 
		type shutdown_t, shutdown_exec_t;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
	corecmd_search_bin($1)
Chris PeBenito 9401ae1 
	domtrans_pattern($1, shutdown_exec_t, shutdown_t)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Dominick Grift a82c6bb 
##	Execute shutdown in the shutdown
Dominick Grift a82c6bb 
##	domain, and allow the specified role
Dominick Grift a82c6bb 
##	the shutdown domain.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Domain allowed to transition.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
## <param name="role">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Role allowed access.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`shutdown_run',`
Chris PeBenito 9401ae1 
	gen_require(`
Dominick Grift a82c6bb 
		attribute_role shutdown_roles;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
	shutdown_domtrans($1)
Dominick Grift a82c6bb 
	roleattribute $2 shutdown_roles;
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Dominick Grift 9641916 
##	Send generic signals to shutdown.
Dominick Grift 9641916 
## </summary>
Dominick Grift 9641916 
## <param name="domain">
Dominick Grift 9641916 
##	<summary>
Dominick Grift 9641916 
##	Domain allowed access.
Dominick Grift 9641916 
##	</summary>
Dominick Grift 9641916 
## </param>
Dominick Grift 9641916 
#
Dominick Grift 9641916 
interface(`shutdown_signal',`
Dominick Grift 9641916 
	gen_require(`
Dominick Grift 9641916 
		type shutdown_t;
Dominick Grift 9641916 
	')
Dominick Grift 9641916
Dominick Grift 9641916 
	allow shutdown_t $1:process signal;
Dominick Grift 9641916 
')
Dominick Grift 9641916
Dominick Grift 9641916 
########################################
Dominick Grift 9641916 
## <summary>
Dominick Grift a82c6bb 
##	Get attributes of shutdown executable files.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Domain allowed access.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`shutdown_getattr_exec_files',`
Chris PeBenito 9401ae1 
	gen_require(`
Chris PeBenito 9401ae1 
		type shutdown_exec_t;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
	corecmd_search_bin($1)
Chris PeBenito 9401ae1 
	allow $1 shutdown_exec_t:file getattr_file_perms;
Chris PeBenito 9401ae1 
')
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.