[people/stevee/selinux-policy.git] / policy / modules / services / smokeping.if

## <summary>Smokeping network latency measurement.</summary>

########################################
## <summary>
##	Execute a domain transition to run smokeping.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`smokeping_domtrans',`
	gen_require(`
		type smokeping_t, smokeping_exec_t;
	')

	domtrans_pattern($1, smokeping_exec_t, smokeping_t)
')

########################################
## <summary>
##	Execute smokeping server in the smokeping domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`smokeping_initrc_domtrans',`
	gen_require(`
		type smokeping_initrc_exec_t;
	')

	init_labeled_script_domtrans($1, smokeping_initrc_exec_t)
')

########################################
## <summary>
##	Read smokeping PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`smokeping_read_pid_files',`
	gen_require(`
		type smokeping_var_run_t;
	')

	files_search_pids($1)
	allow $1 smokeping_var_run_t:file read_file_perms;
')

########################################
## <summary>
##	Manage smokeping PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`smokeping_manage_pid_files',`
	gen_require(`
		type smokeping_var_run_t;
	')

	files_search_pids($1)
	manage_files_pattern($1, smokeping_var_run_t, smokeping_var_run_t)
')

########################################
## <summary>
##	Get attributes of smokeping lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`smokeping_getattr_lib_files',`
	gen_require(`
		type smokeping_var_lib_t;
	')

	getattr_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
	files_search_var_lib($1)
')

########################################
## <summary>
##	Read smokeping lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`smokeping_read_lib_files',`
	gen_require(`
		type smokeping_var_lib_t;
	')

	files_search_var_lib($1)
	read_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
')

########################################
## <summary>
##	Manage smokeping lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`smokeping_manage_lib_files',`
	gen_require(`
		type smokeping_var_lib_t;
	')

	files_search_var_lib($1)
	manage_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
')

########################################
## <summary>
##	All of the rules required to administrate
##	a smokeping environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`smokeping_admin',`
	gen_require(`
		type smokeping_t, smokeping_initrc_exec_t;
	')

	allow $1 smokeping_t:process signal_perms;
	ps_process_pattern($1, smokeping_t)
	tunable_policy(`deny_ptrace',`',`
		allow $1 smokeping_t:process ptrace;
	')

	smokeping_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 smokeping_initrc_exec_t system_r;
	allow $2 system_r;

	smokeping_manage_pid_files($1)

	smokeping_manage_lib_files($1)
')
Commit	Line	Data
ad0071bb	1	## <summary>Smokeping network latency measurement.</summary>
f3c346cc JS	2
	3	########################################
	4	## <summary>
	5	## Execute a domain transition to run smokeping.
	6	## </summary>
	7	## <param name="domain">
dcf87460	8	## <summary>
f3c346cc	9	## Domain allowed to transition.
dcf87460	10	## </summary>
f3c346cc JS	11	## </param>
	12	#
	13	interface(`smokeping_domtrans',`
	14	gen_require(`
	15	type smokeping_t, smokeping_exec_t;
	16	')
	17
	18	domtrans_pattern($1, smokeping_exec_t, smokeping_t)
	19	')
	20
	21	########################################
	22	## <summary>
	23	## Execute smokeping server in the smokeping domain.
	24	## </summary>
	25	## <param name="domain">
	26	## <summary>
288845a6	27	## Domain allowed to transition.
f3c346cc JS	28	## </summary>
	29	## </param>
	30	#
	31	interface(`smokeping_initrc_domtrans',`
	32	gen_require(`
	33	type smokeping_initrc_exec_t;
	34	')
	35
	36	init_labeled_script_domtrans($1, smokeping_initrc_exec_t)
	37	')
	38
	39	########################################
	40	## <summary>
	41	## Read smokeping PID files.
	42	## </summary>
	43	## <param name="domain">
	44	## <summary>
	45	## Domain allowed access.
	46	## </summary>
	47	## </param>
	48	#
	49	interface(`smokeping_read_pid_files',`
	50	gen_require(`
	51	type smokeping_var_run_t;
	52	')
	53
	54	files_search_pids($1)
	55	allow $1 smokeping_var_run_t:file read_file_perms;
	56	')
	57
	58	########################################
	59	## <summary>
	60	## Manage smokeping PID files.
	61	## </summary>
	62	## <param name="domain">
	63	## <summary>
	64	## Domain allowed access.
	65	## </summary>
	66	## </param>
	67	#
	68	interface(`smokeping_manage_pid_files',`
	69	gen_require(`
	70	type smokeping_var_run_t;
	71	')
	72
	73	files_search_pids($1)
	74	manage_files_pattern($1, smokeping_var_run_t, smokeping_var_run_t)
	75	')
	76
	77	########################################
	78	## <summary>
	79	## Get attributes of smokeping lib files.
	80	## </summary>
	81	## <param name="domain">
	82	## <summary>
	83	## Domain allowed access.
	84	## </summary>
	85	## </param>
	86	#
	87	interface(`smokeping_getattr_lib_files',`
	88	gen_require(`
	89	type smokeping_var_lib_t;
	90	')
	91
92	getattr_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
93	files_search_var_lib($1)
94	')
95
96	########################################
97	## <summary>
98	## Read smokeping lib files.
99	## </summary>
100	## <param name="domain">
101	## <summary>
102	## Domain allowed access.
103	## </summary>
104	## </param>
105	#
106	interface(`smokeping_read_lib_files',`
107	gen_require(`
108	type smokeping_var_lib_t;
109	')
110
111	files_search_var_lib($1)
112	read_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
113	')
114
115	########################################
116	## <summary>
117	## Manage smokeping lib files.
118	## </summary>
119	## <param name="domain">
120	## <summary>
121	## Domain allowed access.
122	## </summary>
123	## </param>
124	#
125	interface(`smokeping_manage_lib_files',`
126	gen_require(`
127	type smokeping_var_lib_t;
128	')
129
130	files_search_var_lib($1)
ad0071bb	131	manage_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
f3c346cc JS	132	')
	133
	134	########################################
	135	## <summary>
ad0071bb	136	## All of the rules required to administrate
f3c346cc JS	137	## a smokeping environment
	138	## </summary>
	139	## <param name="domain">
	140	## <summary>
	141	## Domain allowed access.
	142	## </summary>
	143	## </param>
	144	## <param name="role">
	145	## <summary>
	146	## Role allowed access.
	147	## </summary>
	148	## </param>
	149	## <rolecap/>
	150	#
	151	interface(`smokeping_admin',`
	152	gen_require(`
	153	type smokeping_t, smokeping_initrc_exec_t;
	154	')
	155
995bdbb1	156	allow $1 smokeping_t:process signal_perms;
f3c346cc	157	ps_process_pattern($1, smokeping_t)
995bdbb1	158	tunable_policy(`deny_ptrace',`',`
	159	allow $1 smokeping_t:process ptrace;
	160	')
f3c346cc JS	161
	162	smokeping_initrc_domtrans($1)
	163	domain_system_change_exemption($1)
	164	role_transition $2 smokeping_initrc_exec_t system_r;
	165	allow $2 system_r;
	166
	167	smokeping_manage_pid_files($1)
	168
	169	smokeping_manage_lib_files($1)
	170	')