]>
Commit | Line | Data |
---|---|---|
eac818f0 | 1 | ## <summary>SELinux troubleshooting service</summary> |
6b19be33 CP |
2 | |
3 | ######################################## | |
4 | ## <summary> | |
5 | ## Connect to setroubleshootd over an unix stream socket. | |
6 | ## </summary> | |
7 | ## <param name="domain"> | |
8 | ## <summary> | |
9 | ## Domain allowed access. | |
10 | ## </summary> | |
11 | ## </param> | |
12 | # | |
13 | interface(`setroubleshoot_stream_connect',` | |
14 | gen_require(` | |
15 | type setroubleshootd_t, setroubleshoot_var_run_t; | |
16 | ') | |
17 | ||
18 | files_search_pids($1) | |
19 | allow $1 setroubleshoot_var_run_t:sock_file write; | |
20 | allow $1 setroubleshootd_t:unix_stream_socket connectto; | |
21 | ') | |
0a0b8078 CP |
22 | |
23 | ######################################## | |
24 | ## <summary> | |
25 | ## Dontaudit attempts to connect to setroubleshootd | |
26 | ## over an unix stream socket. | |
27 | ## </summary> | |
28 | ## <param name="domain"> | |
29 | ## <summary> | |
30 | ## Domain allowed access. | |
31 | ## </summary> | |
32 | ## </param> | |
33 | # | |
34 | interface(`setroubleshoot_dontaudit_stream_connect',` | |
35 | gen_require(` | |
36 | type setroubleshootd_t, setroubleshoot_var_run_t; | |
37 | ') | |
38 | ||
39 | dontaudit $1 setroubleshoot_var_run_t:sock_file write; | |
40 | dontaudit $1 setroubleshootd_t:unix_stream_socket connectto; | |
41 | ') |