## Reports on various system states.
########################################
##
## Create, read, write, and delete
## sysstat log files.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`sysstat_manage_log',`
gen_require(`
type sysstat_log_t;
')
logging_search_logs($1)
manage_files_pattern($1, sysstat_log_t, sysstat_log_t)
')
########################################
##
## All of the rules required to
## administrate an sysstat environment.
##
##
##
## Domain allowed access.
##
##
##
##
## Role allowed access.
##
##
##
#
interface(`sysstat_admin',`
gen_require(`
type sysstat_t, sysstat_initrc_exec_t, sysstat_log_t;
')
allow $1 sysstat_t:process { ptrace signal_perms };
ps_process_pattern($1, sysstat_t)
init_labeled_script_domtrans($1, sysstat_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 sysstat_initrc_exec_t system_r;
allow $2 system_r;
logging_search_logs($1)
admin_pattern($1, sysstat_log_t)
')