Tree - rpms/selinux-policy - src.fedoraproject.org

psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago

Blame tripwire.if

Blob History Raw

		1ec3d1a	`## <summary>Tripwire file integrity checker.</summary>`
		1ec3d1a	`## <desc>`
		1ec3d1a	`##`
		1ec3d1a	`## Tripwire file integrity checker.`
		1ec3d1a	`##`
		1ec3d1a	`##`
		1ec3d1a	`## NOTE: Tripwire creates temp file in its current working directory.`
		1ec3d1a	`## This policy does not allow write access to home directories, so`
		1ec3d1a	`## users will need to either cd to a directory where they have write`
		1ec3d1a	`## permission, or set the TEMPDIRECTORY variable in the tripwire config`
		1ec3d1a	`## file. The latter is preferable, as then the file_type_auto_trans`
		1ec3d1a	`## rules will kick in and label the files as private to tripwire.`
		1ec3d1a	`##`
		1ec3d1a	`## </desc>`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Execute tripwire in the tripwire domain.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed to transition.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`#`
		1ec3d1a	interface(`tripwire_domtrans_tripwire',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type tripwire_t, tripwire_exec_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`domtrans_pattern($1, tripwire_exec_t, tripwire_t)`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Execute tripwire in the tripwire domain, and`
		1ec3d1a	`## allow the specified role the tripwire domain.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed to transition.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`## <param name="role">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Role allowed access.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`## <rolecap/>`
		1ec3d1a	`#`
		1ec3d1a	interface(`tripwire_run_tripwire',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type tripwire_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`tripwire_domtrans_tripwire($1)`
		1ec3d1a	`role $2 types tripwire_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Execute twadmin in the twadmin domain.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed to transition.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`#`
		1ec3d1a	interface(`tripwire_domtrans_twadmin',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type twadmin_t, twadmin_exec_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`domtrans_pattern($1, twadmin_exec_t, twadmin_t)`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Execute twadmin in the twadmin domain, and`
		1ec3d1a	`## allow the specified role the twadmin domain.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed to transition.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`## <param name="role">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Role allowed access.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`## <rolecap/>`
		1ec3d1a	`#`
		1ec3d1a	interface(`tripwire_run_twadmin',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type twadmin_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`tripwire_domtrans_twadmin($1)`
		1ec3d1a	`role $2 types twadmin_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Execute twprint in the twprint domain.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed to transition.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`#`
		1ec3d1a	interface(`tripwire_domtrans_twprint',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type twprint_t, twprint_exec_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`domtrans_pattern($1, twprint_exec_t, twprint_t)`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Execute twprint in the twprint domain, and`
		1ec3d1a	`## allow the specified role the twprint domain.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed to transition.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`## <param name="role">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Role allowed access.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`## <rolecap/>`
		1ec3d1a	`#`
		1ec3d1a	interface(`tripwire_run_twprint',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type twprint_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`tripwire_domtrans_twprint($1)`
		1ec3d1a	`role $2 types twprint_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Execute siggen in the siggen domain.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed to transition.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`#`
		1ec3d1a	interface(`tripwire_domtrans_siggen',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type siggen_t, siggen_exec_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`domtrans_pattern($1, siggen_exec_t, siggen_t)`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Execute siggen in the siggen domain, and`
		1ec3d1a	`## allow the specified role the siggen domain.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed to transition.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`## <param name="role">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Role allowed access.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`## <rolecap/>`
		1ec3d1a	`#`
		1ec3d1a	interface(`tripwire_run_siggen',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type siggen_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`tripwire_domtrans_siggen($1)`
		1ec3d1a	`role $2 types siggen_t;`
		1ec3d1a	`')`

psss / rpms / selinux-policy

Source Code

Blame tripwire.if