## RAID array management tools
########################################
##
## Execute software raid tools in the mdadm domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`raid_domtrans_mdadm',`
gen_require(`
type mdadm_t, mdadm_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, mdadm_exec_t, mdadm_t)
')
######################################
##
## Execute a domain transition to mdadm_t for the
## specified role, allowing it to use the mdadm_t
## domain
##
##
##
## Role allowed to access mdadm_t domain
##
##
##
##
## Domain allowed to transition to mdadm_t
##
##
#
interface(`raid_run_mdadm',`
gen_require(`
type mdadm_t;
')
role $1 types mdadm_t;
raid_domtrans_mdadm($2)
')
########################################
##
## read the mdadm pid files.
##
##
##
## Domain allowed access.
##
##
#
interface(`raid_read_mdadm_pid',`
gen_require(`
type mdadm_var_run_t;
')
read_files_pattern($1, mdadm_var_run_t, mdadm_var_run_t)
')
########################################
##
## Create, read, write, and delete the mdadm pid files.
##
##
##
## Create, read, write, and delete the mdadm pid files.
##
##
## Added for use in the init module.
##
##
##
##
## Domain allowed access.
##
##
#
interface(`raid_manage_mdadm_pid',`
gen_require(`
type mdadm_var_run_t;
')
# FIXME: maybe should have a type_transition. not
# clear what this is doing, from the original
# mdadm policy
allow $1 mdadm_var_run_t:file manage_file_perms;
')