## GIT revision control system.
########################################
##
## Role access for Git session.
##
##
##
## Role allowed access.
##
##
##
##
## User domain for the role.
##
##
#
template(`git_role',`
gen_require(`
type git_session_t, gitd_exec_t, git_user_content_t;
')
########################################
#
# Declarations
#
role $1 types git_session_t;
########################################
#
# Policy
#
manage_dirs_pattern($2, git_user_content_t, git_user_content_t)
relabel_dirs_pattern($2, git_user_content_t, git_user_content_t)
exec_files_pattern($2, git_user_content_t, git_user_content_t)
manage_files_pattern($2, git_user_content_t, git_user_content_t)
relabel_files_pattern($2, git_user_content_t, git_user_content_t)
allow $2 git_session_t:process { ptrace signal_perms };
ps_process_pattern($2, git_session_t)
tunable_policy(`git_session_users',`
domtrans_pattern($2, gitd_exec_t, git_session_t)
',`
can_exec($2, gitd_exec_t)
')
')