]> git.ipfire.org Git - people/stevee/selinux-policy.git/blame - policy/modules/services/setroubleshoot.if
projects / people / stevee / selinux-policy.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
trunk: 5 patches from dan.
[people/stevee/selinux-policy.git] / policy / modules / services / setroubleshoot.if
CommitLineData
eac818f0 1## <summary>SELinux troubleshooting service</summary>
6b19be33
CP		 2
3########################################
4## <summary>
5## Connect to setroubleshootd over an unix stream socket.
6## </summary>
7## <param name="domain">
8## <summary>
9## Domain allowed access.
10## </summary>
11## </param>
12#
13interface(`setroubleshoot_stream_connect',`
14 gen_require(`
15 type setroubleshootd_t, setroubleshoot_var_run_t;
16 ')
17
18 files_search_pids($1)
19 allow $1 setroubleshoot_var_run_t:sock_file write;
20 allow $1 setroubleshootd_t:unix_stream_socket connectto;
21')
0a0b8078
CP		 22
23########################################
24## <summary>
25## Dontaudit attempts to connect to setroubleshootd
26## over an unix stream socket.
27## </summary>
28## <param name="domain">
29## <summary>
30## Domain allowed access.
31## </summary>
32## </param>
33#
34interface(`setroubleshoot_dontaudit_stream_connect',`
35 gen_require(`
36 type setroubleshootd_t, setroubleshoot_var_run_t;
37 ')
38
39 dontaudit $1 setroubleshoot_var_run_t:sock_file write;
40 dontaudit $1 setroubleshootd_t:unix_stream_socket connectto;
41')
The IPFire selinux policy.