projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| 7e0fa55f | 1 | ## <summary>Roundup Issue Tracking System policy</summary> |
| 5843d066 CP |
2 | |
| 3 | ######################################## | |
| 4 | ## <summary> | |
| 5 | ## All of the rules required to administrate | |
| 6 | ## an roundup environment | |
| 7 | ## </summary> | |
| 8 | ## <param name="domain"> | |
| 9 | ## <summary> | |
| 10 | ## Domain allowed access. | |
| 11 | ## </summary> | |
| 12 | ## </param> | |
| 13 | ## <param name="role"> | |
| 14 | ## <summary> | |
| 15 | ## The role to be allowed to manage the roundup domain. | |
| 16 | ## </summary> | |
| 17 | ## </param> | |
| 18 | ## <rolecap/> | |
| 19 | # | |
| 20 | interface(`roundup_admin',` | |
| 21 | gen_require(` | |
| 22 | type roundup_t, roundup_var_lib_t, roundup_var_run_t; | |
| 23 | type roundup_initrc_exec_t; | |
| 24 | ') | |
| 25 | ||
| 995bdbb1 | 26 | allow $1 roundup_t:process signal_perms; |
| 5843d066 | 27 | ps_process_pattern($1, roundup_t) |
| 995bdbb1 | 28 | tunable_policy(`deny_ptrace',`',` |
| 29 | allow $1 roundup_t:process ptrace; | |
| 30 | ') | |
| 5843d066 CP |
31 | |
| 32 | init_labeled_script_domtrans($1, roundup_initrc_exec_t) | |
| 33 | domain_system_change_exemption($1) | |
| 34 | role_transition $2 roundup_initrc_exec_t system_r; | |
| 35 | allow $2 system_r; | |
| 36 | ||
| 37 | files_list_var_lib($1) | |
| 38 | admin_pattern($1, roundup_var_lib_t) | |
| 39 | ||
| 40 | files_list_pids($1) | |
| 41 | admin_pattern($1, roundup_var_run_t) | |
| 42 | ') |