Commit | Line | Data |
---|---|---|
7e0fa55f | 1 | ## <summary>Roundup Issue Tracking System policy</summary> |
5843d066 CP |
2 | |
########################################
## <summary>
##	All of the rules required to administrate
##	a roundup environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the roundup domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`roundup_admin',`
	gen_require(`
		type roundup_t, roundup_var_lib_t, roundup_var_run_t;
		type roundup_initrc_exec_t;
	')

	# Process control: the admin domain may signal roundup_t processes
	# and inspect them through the ps pattern.
	allow $1 roundup_t:process signal_perms;
	ps_process_pattern($1, roundup_t)
	# The branch taken when deny_ptrace is on is empty, so the ptrace rule
	# below is only active while that boolean is off. ptrace gives the
	# admin domain read and write access to the memory of roundup_t
	# processes, which is far more than signalling. Keep deny_ptrace
	# enabled unless debugging access is really needed.
	tunable_policy(`deny_ptrace',`',`
		allow $1 roundup_t:process ptrace;
	')

	# Init script handling: the admin domain may run the labeled roundup
	# init script with a domain transition, and the role given as the
	# second argument changes to system_r when it executes that script.
	# NOTE(review): this lets a confined admin role start code under
	# system_r, so grant this interface only to roles that are meant to
	# manage the service.
	init_labeled_script_domtrans($1, roundup_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 roundup_initrc_exec_t system_r;
	allow $2 system_r;

	# Administrative access to roundup state labeled roundup_var_lib_t.
	files_list_var_lib($1)
	admin_pattern($1, roundup_var_lib_t)

	# Administrative access to roundup pid files labeled roundup_var_run_t.
	files_list_pids($1)
	admin_pattern($1, roundup_var_run_t)
')