## <summary>Linux Target Framework Daemon.</summary>
#####################################
## <summary>
##	Read and write semaphores
##	labeled with the tgtd domain type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tgtd_rw_semaphores',`
	gen_require(`
		type tgtd_t;
	')

	# Read/write access only. Callers that must also create or
	# destroy these semaphores use tgtd_manage_semaphores instead.
	allow $1 tgtd_t:sem rw_sem_perms;
')
######################################
## <summary>
##	Create, read, write, and delete
##	tgtd semaphores.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tgtd_manage_semaphores',`
	gen_require(`
		type tgtd_t;
	')

	# Broader than tgtd_rw_semaphores: the caller may create and
	# remove semaphores labeled tgtd_t as well as use them.
	allow $1 tgtd_t:sem create_sem_perms;
')
######################################
## <summary>
##	Connect to tgtd over a unix
##	domain stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tgtd_stream_connect',`
	gen_require(`
		type tgtd_t;
		type tgtd_var_run_t;
	')

	# The socket file is labeled tgtd_var_run_t, so the caller first
	# needs to search the pid directory that holds it.
	files_search_pids($1)
	stream_connect_pattern($1, tgtd_var_run_t, tgtd_var_run_t, tgtd_t)
')
########################################
## <summary>
##	All of the rules required to
##	administrate a tgtd environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`tgtd_admin',`
	gen_require(`
		type tgtd_t;
		type tgtd_initrc_exec_t;
		type tgtd_var_lib_t, tgtd_var_run_t;
		type tgtd_tmp_t, tgtd_tmpfs_t;
	')

	# Process control over the daemon. The ptrace permission lets the
	# caller inspect and alter the state of tgtd_t processes, so this
	# interface belongs only on trusted administrative domains.
	allow $1 tgtd_t:process { ptrace signal_perms };
	ps_process_pattern($1, tgtd_t)

	# Starting the daemon through its labeled init script: the role
	# argument transitions to system_r when tgtd_initrc_exec_t runs.
	init_labeled_script_domtrans($1, tgtd_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 tgtd_initrc_exec_t system_r;
	allow $2 system_r;

	# Administrative access to each tgtd file type, paired with search
	# access to the parent directory the name of each helper refers to.
	files_search_var_lib($1)
	admin_pattern($1, tgtd_var_lib_t)

	files_search_pids($1)
	admin_pattern($1, tgtd_var_run_t)

	files_search_tmp($1)
	admin_pattern($1, tgtd_tmp_t)

	files_search_tmpfs($1)
	admin_pattern($1, tgtd_tmpfs_t)
')