]>
Commit | Line | Data |
---|---|---|
a5ef553c CP |
1 | ## <summary>Pingd of the Whatsup cluster node up/down detection utility</summary> |
2 | ||
3 | ######################################## | |
4 | ## <summary> | |
5 | ## Execute a domain transition to run pingd. | |
6 | ## </summary> | |
7 | ## <param name="domain"> | |
1976ddda | 8 | ## <summary> |
a5ef553c | 9 | ## Domain allowed to transition. |
1976ddda | 10 | ## </summary> |
a5ef553c CP |
11 | ## </param> |
12 | # | |
13 | interface(`pingd_domtrans',` | |
14 | gen_require(` | |
15 | type pingd_t, pingd_exec_t; | |
16 | ') | |
17 | ||
18 | domtrans_pattern($1, pingd_exec_t, pingd_t) | |
19 | ') | |
20 | ||
21 | ####################################### | |
22 | ## <summary> | |
3f67f722 | 23 | ## Read pingd etc configuration files. |
a5ef553c CP |
24 | ## </summary> |
25 | ## <param name="domain"> | |
3f67f722 CP |
26 | ## <summary> |
27 | ## Domain allowed access. | |
28 | ## </summary> | |
a5ef553c CP |
29 | ## </param> |
30 | # | |
31 | interface(`pingd_read_config',` | |
3f67f722 CP |
32 | gen_require(` |
33 | type pingd_etc_t; | |
34 | ') | |
a5ef553c | 35 | |
3f67f722 CP |
36 | files_search_etc($1) |
37 | read_files_pattern($1, pingd_etc_t, pingd_etc_t) | |
a5ef553c CP |
38 | ') |
39 | ||
40 | ####################################### | |
41 | ## <summary> | |
3f67f722 | 42 | ## Manage pingd etc configuration files. |
a5ef553c CP |
43 | ## </summary> |
44 | ## <param name="domain"> | |
3f67f722 CP |
45 | ## <summary> |
46 | ## Domain allowed access. | |
47 | ## </summary> | |
a5ef553c CP |
48 | ## </param> |
49 | # | |
50 | interface(`pingd_manage_config',` | |
3f67f722 CP |
51 | gen_require(` |
52 | type pingd_etc_t; | |
53 | ') | |
a5ef553c | 54 | |
3f67f722 CP |
55 | files_search_etc($1) |
56 | manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t) | |
57 | manage_files_pattern($1, pingd_etc_t, pingd_etc_t) | |
a5ef553c CP |
58 | ') |
59 | ||
60 | ####################################### | |
61 | ## <summary> | |
3f67f722 CP |
62 | ## All of the rules required to administrate |
63 | ## an pingd environment | |
a5ef553c CP |
64 | ## </summary> |
65 | ## <param name="domain"> | |
3f67f722 CP |
66 | ## <summary> |
67 | ## Domain allowed access. | |
68 | ## </summary> | |
a5ef553c CP |
69 | ## </param> |
70 | ## <param name="role"> | |
3f67f722 CP |
71 | ## <summary> |
72 | ## The role to be allowed to manage the pingd domain. | |
73 | ## </summary> | |
a5ef553c CP |
74 | ## </param> |
75 | ## <rolecap/> | |
76 | # | |
77 | interface(`pingd_admin',` | |
3f67f722 | 78 | gen_require(` |
8f0b7460 DG |
79 | type pingd_t, pingd_etc_t, pingd_modules_t; |
80 | type pingd_initrc_exec_t; | |
3f67f722 | 81 | ') |
a5ef553c | 82 | |
995bdbb1 | 83 | allow $1 pingd_t:process signal_perms; |
3f67f722 | 84 | ps_process_pattern($1, pingd_t) |
995bdbb1 | 85 | tunable_policy(`deny_ptrace',`',` |
86 | allow $1 pingd_t:process ptrace; | |
87 | ') | |
a5ef553c | 88 | |
3f67f722 CP |
89 | init_labeled_script_domtrans($1, pingd_initrc_exec_t) |
90 | domain_system_change_exemption($1) | |
91 | role_transition $2 pingd_initrc_exec_t system_r; | |
92 | allow $2 system_r; | |
a5ef553c | 93 | |
3f67f722 CP |
94 | files_list_etc($1) |
95 | admin_pattern($1, pingd_etc_t) | |
a5ef553c CP |
96 | |
97 | files_list_usr($1) | |
3f67f722 | 98 | admin_pattern($1, pingd_modules_t) |
a5ef553c | 99 | ') |