/etc/portreserve(/.*)? gen_context(system_u:object_r:portreserve_etc_t,s0)
+/etc/rc\.d/init\.d/portreserve -- gen_context(system_u:object_r:portreserve_initrc_exec_t,s0)
+
/sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0)
/var/run/portreserve(/.*)? gen_context(system_u:object_r:portreserve_var_run_t,s0)
## </summary>
## </param>
## <rolecap/>
-##
#
interface(`portreserve_read_config',`
gen_require(`
## Domain allowed access.
## </summary>
## </param>
-##
#
interface(`portreserve_manage_config',`
gen_require(`
manage_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
read_lnk_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
')
+
+########################################
+## <summary>
+## Execute portreserve in the portreserve domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`portreserve_initrc_domtrans',`
+ gen_require(`
+ type portreserve_initrc_exec_t;
+ ')
+
+ init_labeled_script_domtrans($1, portreserve_initrc_exec_t)
+')
+
+########################################
+## <summary>
+## All of the rules required to administrate
+## an portreserve environment.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`portreserve_admin',`
+ gen_require(`
+ type portreserve_t, portreserve_etc_t, portreserve_var_run_t;
+ type portreserve_initrc_exec_t;
+ ')
+
+ allow $1 portreserve_t:process { ptrace signal_perms };
+ ps_process_pattern($1, portreserve_t)
+
+ portreserve_initrc_domtrans($1)
+ domain_system_change_exemption($1)
+ role_transition $2 portreserve_initrc_exec_t system_r;
+ allow $2 system_r;
+
+ files_list_etc($1)
+ admin_pattern($1, portreserve_etc_t)
+
+ files_list_pids($1)
+ admin_pattern($1, portreserve_var_run_t)
+')
type portreserve_exec_t;
init_daemon_domain(portreserve_t, portreserve_exec_t)
+type portreserve_initrc_exec_t;
+init_script_file(portreserve_initrc_exec_t)
+
type portreserve_etc_t;
files_type(portreserve_etc_t)
manage_dirs_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
manage_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
-files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file })
+files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file dir })
corecmd_getattr_bin_files(portreserve_t)
corenet_udp_bind_all_ports(portreserve_t)
files_read_etc_files(portreserve_t)
+
+userdom_dontaudit_search_user_home_content(portreserve_t)
projects / people / stevee / selinux-policy.git / commitdiff
