psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

Blame stapserver.if

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master master-docker master_contrib private-master-atomic-policy private-master-migrate-to-var-lib-selinux requires tests
  1.   master_contrib
  2.   stapserver.if
Blob History Raw
fc48231
fc48231 
## <summary> Instrumentation System Server </summary>
fc48231
fc48231 
########################################
fc48231 
## <summary>
fc48231 
##	Execute stapserver in the stapserver domain.
fc48231 
## </summary>
fc48231 
## <param name="domain">
fc48231 
## <summary>
fc48231 
##	Domain allowed to transition.
fc48231 
## </summary>
fc48231 
## </param>
fc48231 
#
fc48231 
interface(`stapserver_domtrans',`
fc48231 
	gen_require(`
fc48231 
		type stapserver_t, stapserver_exec_t;
fc48231 
	')
fc48231
fc48231 
	corecmd_search_bin($1)
fc48231 
	domtrans_pattern($1, stapserver_exec_t, stapserver_t)
fc48231 
')
fc48231 
########################################
fc48231 
## <summary>
fc48231 
##	Read stapserver's log files.
fc48231 
## </summary>
fc48231 
## <param name="domain">
fc48231 
##	<summary>
fc48231 
##	Domain allowed access.
fc48231 
##	</summary>
fc48231 
## </param>
fc48231 
## <rolecap/>
fc48231 
#
fc48231 
interface(`stapserver_read_log',`
fc48231 
	gen_require(`
fc48231 
		type stapserver_log_t;
fc48231 
	')
fc48231
fc48231 
	logging_search_logs($1)
fc48231 
	read_files_pattern($1, stapserver_log_t, stapserver_log_t)
fc48231 
')
fc48231
fc48231 
########################################
fc48231 
## <summary>
fc48231 
##	Append to stapserver log files.
fc48231 
## </summary>
fc48231 
## <param name="domain">
fc48231 
##	<summary>
fc48231 
##	Domain allowed access.
fc48231 
##	</summary>
fc48231 
## </param>
fc48231 
#
fc48231 
interface(`stapserver_append_log',`
fc48231 
	gen_require(`
fc48231 
		type stapserver_log_t;
fc48231 
	')
fc48231
fc48231 
	logging_search_logs($1)
fc48231 
	append_files_pattern($1, stapserver_log_t, stapserver_log_t)
fc48231 
')
fc48231
fc48231 
########################################
fc48231 
## <summary>
fc48231 
##	Manage stapserver log files
fc48231 
## </summary>
fc48231 
## <param name="domain">
fc48231 
##	<summary>
fc48231 
##	Domain allowed access.
fc48231 
##	</summary>
fc48231 
## </param>
fc48231 
#
fc48231 
interface(`stapserver_manage_log',`
fc48231 
	gen_require(`
fc48231 
		type stapserver_log_t;
fc48231 
	')
fc48231
fc48231 
	logging_search_logs($1)
fc48231 
	manage_dirs_pattern($1, stapserver_log_t, stapserver_log_t)
fc48231 
	manage_files_pattern($1, stapserver_log_t, stapserver_log_t)
fc48231 
	manage_lnk_files_pattern($1, stapserver_log_t, stapserver_log_t)
fc48231 
')
fc48231 
########################################
fc48231 
## <summary>
fc48231 
##	Read stapserver PID files.
fc48231 
## </summary>
fc48231 
## <param name="domain">
fc48231 
##	<summary>
fc48231 
##	Domain allowed access.
fc48231 
##	</summary>
fc48231 
## </param>
fc48231 
#
fc48231 
interface(`stapserver_read_pid_files',`
fc48231 
	gen_require(`
fc48231 
		type stapserver_var_run_t;
fc48231 
	')
fc48231
fc48231 
	files_search_pids($1)
fc48231 
	allow $1 stapserver_var_run_t:file read_file_perms;
fc48231 
')
fc48231
fc48231 
#######################################
fc48231 
## <summary>
fc48231 
##      Manage stapserver lib files
fc48231 
## </summary>
fc48231 
## <param name="domain">
fc48231 
##      <summary>
fc48231 
##      Domain allowed access.
fc48231 
##      </summary>
fc48231 
## </param>
fc48231 
#
fc48231 
interface(`stapserver_manage_lib',`
fc48231 
        gen_require(`
fc48231 
                type stapserver_var_lib_t;
fc48231 
        ')
fc48231
fc48231 
        manage_dirs_pattern($1, stapserver_var_lib_t, stapserver_var_lib_t)
fc48231 
        manage_files_pattern($1, stapserver_var_lib_t, stapserver_var_lib_t)
fc48231 
')
fc48231
fc48231 
########################################
fc48231 
## <summary>
fc48231 
##	All of the rules required to administrate
fc48231 
##	an stapserver environment
fc48231 
## </summary>
fc48231 
## <param name="domain">
fc48231 
##	<summary>
fc48231 
##	Domain allowed access.
fc48231 
##	</summary>
fc48231 
## </param>
fc48231 
## <rolecap/>
fc48231 
#
fc48231 
interface(`stapserver_admin',`
fc48231 
	gen_require(`
fc48231 
		type stapserver_t;
fc48231 
		type stapserver_log_t;
fc48231 
		type stapserver_var_run_t;
fc48231 
	')
fc48231
fc48231 
	allow $1 stapserver_t:process { ptrace signal_perms };
fc48231 
	ps_process_pattern($1, stapserver_t)
fc48231
fc48231 
	logging_search_logs($1)
fc48231 
	admin_pattern($1, stapserver_log_t)
fc48231
fc48231 
	files_search_pids($1)
fc48231 
	admin_pattern($1, stapserver_var_run_t)
fc48231
fc48231 
	optional_policy(`
fc48231 
		systemd_passwd_agent_exec($1)
fc48231 
		systemd_read_fifo_file_passwd_run($1)
fc48231 
	')
fc48231 
')
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.