## <summary>policy for l2tpd</summary>

########################################
## <summary>
##	Transition to l2tpd.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`l2tpd_domtrans',`
	gen_require(`
		type l2tpd_t, l2tpd_exec_t;
	')

	# the caller has to be able to look up the executable in the bin directories
	corecmd_search_bin($1)
	# execute l2tpd_exec_t and transition into the l2tpd_t domain
	domtrans_pattern($1, l2tpd_exec_t, l2tpd_t)
')


########################################
## <summary>
##	Execute the l2tpd init script in the initrc domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`l2tpd_initrc_domtrans',`
	gen_require(`
		type l2tpd_initrc_exec_t;
	')

	# this is the init script transition, not a transition to l2tpd_t itself;
	# the script labeled l2tpd_initrc_exec_t is run via the init script domain
	init_labeled_script_domtrans($1, l2tpd_initrc_exec_t)
')


########################################
## <summary>
##	Read l2tpd PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`l2tpd_read_pid_files',`
	gen_require(`
		type l2tpd_var_run_t;
	')

	# search permission on the pid directories so the file can be reached
	files_search_pids($1)
	# read-only access; no write, create or unlink on the pid file is granted here
	# NOTE(review): only the file class is covered. If l2tpd keeps its pid file
	# inside a directory that is itself labeled l2tpd_var_run_t, search on that
	# directory would also be needed -- confirm against the file contexts.
	allow $1 l2tpd_var_run_t:file read_file_perms;
')

########################################
## <summary>
##	Read and write l2tpd unnamed pipes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`l2tpd_rw_pipes',`
	gen_require(`
		type l2tpd_t;
	')

	# unnamed pipes carry the type of the domain that created them, so this
	# covers pipes created by l2tpd_t (for example those inherited across a fork)
	allow $1 l2tpd_t:fifo_file rw_fifo_file_perms;
')

########################################
## <summary>
##	All of the rules required to administrate
##	an l2tpd environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`l2tpd_admin',`
	gen_require(`
		type l2tpd_t;
		type l2tpd_initrc_exec_t;
		type l2tpd_var_run_t;
	')

	# signal the daemon and read its /proc entries
	allow $1 l2tpd_t:process signal_perms;
	ps_process_pattern($1, l2tpd_t)
	# ptrace of the daemon is only granted while the deny_ptrace tunable is off;
	# the true branch is intentionally empty
	tunable_policy(`deny_ptrace',`',`
		allow $1 l2tpd_t:process ptrace;
	')

	# run the init script, and let the admin role ($2) enter system_r for it;
	# the exemption is presumably what lets $1 pass the system domain change
	# constraints -- see domain_system_change_exemption in the domain module
	l2tpd_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 l2tpd_initrc_exec_t system_r;
	allow $2 system_r;

	# full management (including relabel) of the pid files, unlike the
	# read-only l2tpd_read_pid_files interface
	files_search_pids($1)
	admin_pattern($1, l2tpd_var_run_t)
')
