## Line printer daemon
########################################
##
## Execute lpd in the lpd domain.
##
##
## Domain allowed access.
##
#
interface(`lpd_domtrans_checkpc',`
gen_require(`
type checkpc_t, checkpc_exec_t;
')
domain_auto_trans($1,checkpc_exec_t,checkpc_t)
allow $1 checkpc_t:fd use;
allow checkpc_t $1:fd use;
allow checkpc_t $1:fifo_file rw_file_perms;
allow checkpc_t $1:process sigchld;
')
########################################
##
## Execute amrecover in the lpd domain, and
## allow the specified role the lpd domain.
##
##
## Domain allowed access.
##
##
## The role to be allowed the lpd domain.
##
##
## The type of the terminal allow the lpd domain to use.
##
#
interface(`lpd_run_checkpc',`
gen_require(`
type checkpc_t;
')
lpd_domtrans_checkpc($1)
role $2 types checkpc_t;
allow checkpc_t $3:chr_file rw_term_perms;
')
########################################
##
## List the contents of the printer spool directories.
##
##
## Domain allowed access.
##
#
interface(`lpd_list_spool',`
gen_require(`
type print_spool_t;
')
files_search_spool($1)
allow $1 print_spool_t:dir list_dir_perms;
')
########################################
##
## Create, read, write, and delete printer spool files.
##
##
## Domain allowed access.
##
#
interface(`lpd_manage_spool',`
gen_require(`
type print_spool_t;
')
files_search_spool($1)
# cjp: cups wants setattr
allow $1 print_spool_t:dir { rw_dir_perms setattr };
allow $1 print_spool_t:file manage_file_perms;
')
########################################
##
## List the contents of the printer spool directories.
##
##
## Domain allowed access.
##
#
interface(`lpd_read_config',`
gen_require(`
type printconf_t;
')
allow $1 printconf_t:dir list_dir_perms;
allow $1 printconf_t:file r_file_perms;
')