[people/stevee/selinux-policy.git] / policy / modules / services / rhev.if

## <summary>rhev polic module contains policies for rhev apps</summary>

#####################################
## <summary>
##  Execute rhev-agentd in the rhev_agentd domain.
## </summary>
## <param name="domain">
##  <summary>
##  Domain allowed access.
##  </summary>
## </param>
#
interface(`rhev_domtrans_agentd',`
    gen_require(`
        type rhev_agentd_t, rhev_agentd_exec_t;
    ')

    domtrans_pattern($1, rhev_agentd_exec_t, rhev_agentd_t)
')

####################################
## <summary>
##  Read rhev-agentd PID files.
## </summary>
## <param name="domain">
##  <summary>
##  Domain allowed access.
##  </summary>
## </param>
#
interface(`rhev_read_pid_files_agentd',`
    gen_require(`
        type rhev_agentd_var_run_t;
    ')

	files_search_pids($1)
    read_files_pattern($1, rhev_agentd_var_run_t, rhev_agentd_var_run_t)
')

#####################################
## <summary>
##      Connect to rhev_agentd over a unix domain
##      stream socket.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`rhev_stream_connect_agentd',`
        gen_require(`
                type rhev_agentd_var_run_t, rhev_agentd_t;
        ')

        files_search_pids($1)
        stream_connect_pattern($1, rhev_agentd_var_run_t, rhev_agentd_var_run_t, rhev_agentd_t)
')

######################################
## <summary>
##  Send sigchld to rhev-agentd
## </summary>
## <param name="domain">
##  <summary>
##  Domain allowed access
##  </summary>
## </param>
#
interface(`rhev_sigchld_agentd',`
    gen_require(`
              type rhev_agentd_t;
    ')

    allow $1 rhev_agentd_t:process sigchld;
')
Commit	Line	Data
bdc8dc83 MG	1	## <summary>rhev polic module contains policies for rhev apps</summary>
	2
	3	#####################################
	4	## <summary>
	5	## Execute rhev-agentd in the rhev_agentd domain.
	6	## </summary>
	7	## <param name="domain">
	8	## <summary>
	9	## Domain allowed access.
	10	## </summary>
	11	## </param>
	12	#
	13	interface(`rhev_domtrans_agentd',`
	14	gen_require(`
	15	type rhev_agentd_t, rhev_agentd_exec_t;
	16	')
	17
	18	domtrans_pattern($1, rhev_agentd_exec_t, rhev_agentd_t)
	19	')
	20
	21	####################################
	22	## <summary>
	23	## Read rhev-agentd PID files.
	24	## </summary>
	25	## <param name="domain">
	26	## <summary>
	27	## Domain allowed access.
	28	## </summary>
	29	## </param>
	30	#
	31	interface(`rhev_read_pid_files_agentd',`
	32	gen_require(`
	33	type rhev_agentd_var_run_t;
	34	')
	35
	36	files_search_pids($1)
	37	read_files_pattern($1, rhev_agentd_var_run_t, rhev_agentd_var_run_t)
	38	')
	39
	40	#####################################
	41	## <summary>
	42	## Connect to rhev_agentd over a unix domain
	43	## stream socket.
	44	## </summary>
	45	## <param name="domain">
	46	## <summary>
	47	## Domain allowed access.
	48	## </summary>
	49	## </param>
	50	#
	51	interface(`rhev_stream_connect_agentd',`
	52	gen_require(`
	53	type rhev_agentd_var_run_t, rhev_agentd_t;
	54	')
	55
	56	files_search_pids($1)
	57	stream_connect_pattern($1, rhev_agentd_var_run_t, rhev_agentd_var_run_t, rhev_agentd_t)
	58	')
7a8f1d73 MG	59
	60	######################################
	61	## <summary>
	62	## Send sigchld to rhev-agentd
	63	## </summary>
	64	## <param name="domain">
	65	## <summary>
	66	## Domain allowed access
	67	## </summary>
	68	## </param>
	69	#
	70	interface(`rhev_sigchld_agentd',`
	71	gen_require(`
	72	type rhev_agentd_t;
	73	')
	74
	75	allow $1 rhev_agentd_t:process sigchld;
	76	')