[people/stevee/selinux-policy.git] / policy / modules / services / pingd.if

## <summary>Pingd of the Whatsup cluster node up/down detection utility</summary>

########################################
## <summary>
##	Execute a domain transition to run pingd.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`pingd_domtrans',`
	gen_require(`
		type pingd_t, pingd_exec_t;
	')

	domtrans_pattern($1, pingd_exec_t, pingd_t)
')

#######################################
## <summary>
##	Read pingd etc configuration files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pingd_read_config',`
	gen_require(`
		type pingd_etc_t;
	')

	files_search_etc($1)
	read_files_pattern($1, pingd_etc_t, pingd_etc_t)
')

#######################################
## <summary>
##	Manage pingd etc configuration files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pingd_manage_config',`
	gen_require(`
		type pingd_etc_t;
	')

	files_search_etc($1)
	manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
	manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
')

#######################################
## <summary>
##	All of the rules required to administrate 
##	an pingd environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the pingd domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`pingd_admin',`
	gen_require(`
		type pingd_t, pingd_etc_t, pingd_modules_t;
		type pingd_initrc_exec_t;
	')

	allow $1 pingd_t:process signal_perms;
	ps_process_pattern($1, pingd_t)
	tunable_policy(`deny_ptrace',`',`
		allow $1 pingd_t:process ptrace;
	')

	init_labeled_script_domtrans($1, pingd_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 pingd_initrc_exec_t system_r;
	allow $2 system_r;

	files_list_etc($1)
	admin_pattern($1, pingd_etc_t)

	files_list_usr($1)
	admin_pattern($1, pingd_modules_t)
')
Commit	Line	Data
a5ef553c CP	1	## <summary>Pingd of the Whatsup cluster node up/down detection utility</summary>
	2
	3	########################################
	4	## <summary>
	5	## Execute a domain transition to run pingd.
	6	## </summary>
	7	## <param name="domain">
1976ddda	8	## <summary>
a5ef553c	9	## Domain allowed to transition.
1976ddda	10	## </summary>
a5ef553c CP	11	## </param>
	12	#
	13	interface(`pingd_domtrans',`
	14	gen_require(`
	15	type pingd_t, pingd_exec_t;
	16	')
	17
	18	domtrans_pattern($1, pingd_exec_t, pingd_t)
	19	')
	20
	21	#######################################
	22	## <summary>
3f67f722	23	## Read pingd etc configuration files.
a5ef553c CP	24	## </summary>
a5ef553c CP	25	## <param name="domain">
3f67f722 CP	26	## <summary>
	27	## Domain allowed access.
	28	## </summary>
a5ef553c CP	29	## </param>
	30	#
	31	interface(`pingd_read_config',`
3f67f722 CP	32	gen_require(`
	33	type pingd_etc_t;
	34	')
a5ef553c	35
3f67f722 CP	36	files_search_etc($1)
3f67f722 CP	37	read_files_pattern($1, pingd_etc_t, pingd_etc_t)
a5ef553c CP	38	')
	39
	40	#######################################
	41	## <summary>
3f67f722	42	## Manage pingd etc configuration files.
a5ef553c CP	43	## </summary>
a5ef553c CP	44	## <param name="domain">
3f67f722 CP	45	## <summary>
	46	## Domain allowed access.
	47	## </summary>
a5ef553c CP	48	## </param>
	49	#
	50	interface(`pingd_manage_config',`
3f67f722 CP	51	gen_require(`
	52	type pingd_etc_t;
	53	')
a5ef553c	54
3f67f722 CP	55	files_search_etc($1)
	56	manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
	57	manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
a5ef553c CP	58	')
	59
	60	#######################################
	61	## <summary>
3f67f722 CP	62	## All of the rules required to administrate
3f67f722 CP	63	## an pingd environment
a5ef553c CP	64	## </summary>
a5ef553c CP	65	## <param name="domain">
3f67f722 CP	66	## <summary>
	67	## Domain allowed access.
	68	## </summary>
a5ef553c CP	69	## </param>
a5ef553c CP	70	## <param name="role">
3f67f722 CP	71	## <summary>
	72	## The role to be allowed to manage the pingd domain.
	73	## </summary>
a5ef553c CP	74	## </param>
	75	## <rolecap/>
	76	#
	77	interface(`pingd_admin',`
3f67f722	78	gen_require(`
8f0b7460 DG	79	type pingd_t, pingd_etc_t, pingd_modules_t;
8f0b7460 DG	80	type pingd_initrc_exec_t;
3f67f722	81	')
a5ef553c	82
995bdbb1	83	allow $1 pingd_t:process signal_perms;
3f67f722	84	ps_process_pattern($1, pingd_t)
995bdbb1	85	tunable_policy(`deny_ptrace',`',`
	86	allow $1 pingd_t:process ptrace;
	87	')
a5ef553c	88
3f67f722 CP	89	init_labeled_script_domtrans($1, pingd_initrc_exec_t)
	90	domain_system_change_exemption($1)
	91	role_transition $2 pingd_initrc_exec_t system_r;
	92	allow $2 system_r;
a5ef553c	93
3f67f722 CP	94	files_list_etc($1)
3f67f722 CP	95	admin_pattern($1, pingd_etc_t)
a5ef553c CP	96
a5ef553c CP	97	files_list_usr($1)
3f67f722	98	admin_pattern($1, pingd_modules_t)
a5ef553c	99	')