]>
Commit | Line | Data |
---|---|---|
ad0071bb | 1 | ## <summary>Smokeping network latency measurement.</summary> |
f3c346cc JS |
2 | |
3 | ######################################## | |
4 | ## <summary> | |
5 | ## Execute a domain transition to run smokeping. | |
6 | ## </summary> | |
7 | ## <param name="domain"> | |
dcf87460 | 8 | ## <summary> |
f3c346cc | 9 | ## Domain allowed to transition. |
dcf87460 | 10 | ## </summary> |
f3c346cc JS |
11 | ## </param> |
12 | # | |
13 | interface(`smokeping_domtrans',` | |
14 | gen_require(` | |
15 | type smokeping_t, smokeping_exec_t; | |
16 | ') | |
17 | ||
18 | domtrans_pattern($1, smokeping_exec_t, smokeping_t) | |
19 | ') | |
20 | ||
21 | ######################################## | |
22 | ## <summary> | |
23 | ## Execute smokeping server in the smokeping domain. | |
24 | ## </summary> | |
25 | ## <param name="domain"> | |
26 | ## <summary> | |
288845a6 | 27 | ## Domain allowed to transition. |
f3c346cc JS |
28 | ## </summary> |
29 | ## </param> | |
30 | # | |
31 | interface(`smokeping_initrc_domtrans',` | |
32 | gen_require(` | |
33 | type smokeping_initrc_exec_t; | |
34 | ') | |
35 | ||
36 | init_labeled_script_domtrans($1, smokeping_initrc_exec_t) | |
37 | ') | |
38 | ||
39 | ######################################## | |
40 | ## <summary> | |
41 | ## Read smokeping PID files. | |
42 | ## </summary> | |
43 | ## <param name="domain"> | |
44 | ## <summary> | |
45 | ## Domain allowed access. | |
46 | ## </summary> | |
47 | ## </param> | |
48 | # | |
49 | interface(`smokeping_read_pid_files',` | |
50 | gen_require(` | |
51 | type smokeping_var_run_t; | |
52 | ') | |
53 | ||
54 | files_search_pids($1) | |
55 | allow $1 smokeping_var_run_t:file read_file_perms; | |
56 | ') | |
57 | ||
58 | ######################################## | |
59 | ## <summary> | |
60 | ## Manage smokeping PID files. | |
61 | ## </summary> | |
62 | ## <param name="domain"> | |
63 | ## <summary> | |
64 | ## Domain allowed access. | |
65 | ## </summary> | |
66 | ## </param> | |
67 | # | |
68 | interface(`smokeping_manage_pid_files',` | |
69 | gen_require(` | |
70 | type smokeping_var_run_t; | |
71 | ') | |
72 | ||
73 | files_search_pids($1) | |
74 | manage_files_pattern($1, smokeping_var_run_t, smokeping_var_run_t) | |
75 | ') | |
76 | ||
77 | ######################################## | |
78 | ## <summary> | |
79 | ## Get attributes of smokeping lib files. | |
80 | ## </summary> | |
81 | ## <param name="domain"> | |
82 | ## <summary> | |
83 | ## Domain allowed access. | |
84 | ## </summary> | |
85 | ## </param> | |
86 | # | |
87 | interface(`smokeping_getattr_lib_files',` | |
88 | gen_require(` | |
89 | type smokeping_var_lib_t; | |
90 | ') | |
91 | ||
92 | getattr_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t) | |
93 | files_search_var_lib($1) | |
94 | ') | |
95 | ||
96 | ######################################## | |
97 | ## <summary> | |
98 | ## Read smokeping lib files. | |
99 | ## </summary> | |
100 | ## <param name="domain"> | |
101 | ## <summary> | |
102 | ## Domain allowed access. | |
103 | ## </summary> | |
104 | ## </param> | |
105 | # | |
106 | interface(`smokeping_read_lib_files',` | |
107 | gen_require(` | |
108 | type smokeping_var_lib_t; | |
109 | ') | |
110 | ||
111 | files_search_var_lib($1) | |
112 | read_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t) | |
113 | ') | |
114 | ||
115 | ######################################## | |
116 | ## <summary> | |
117 | ## Manage smokeping lib files. | |
118 | ## </summary> | |
119 | ## <param name="domain"> | |
120 | ## <summary> | |
121 | ## Domain allowed access. | |
122 | ## </summary> | |
123 | ## </param> | |
124 | # | |
125 | interface(`smokeping_manage_lib_files',` | |
126 | gen_require(` | |
127 | type smokeping_var_lib_t; | |
128 | ') | |
129 | ||
130 | files_search_var_lib($1) | |
ad0071bb | 131 | manage_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t) |
f3c346cc JS |
132 | ') |
133 | ||
134 | ######################################## | |
135 | ## <summary> | |
ad0071bb | 136 | ## All of the rules required to administrate |
f3c346cc JS |
137 | ## a smokeping environment |
138 | ## </summary> | |
139 | ## <param name="domain"> | |
140 | ## <summary> | |
141 | ## Domain allowed access. | |
142 | ## </summary> | |
143 | ## </param> | |
144 | ## <param name="role"> | |
145 | ## <summary> | |
146 | ## Role allowed access. | |
147 | ## </summary> | |
148 | ## </param> | |
149 | ## <rolecap/> | |
150 | # | |
151 | interface(`smokeping_admin',` | |
152 | gen_require(` | |
153 | type smokeping_t, smokeping_initrc_exec_t; | |
154 | ') | |
155 | ||
995bdbb1 | 156 | allow $1 smokeping_t:process signal_perms; |
f3c346cc | 157 | ps_process_pattern($1, smokeping_t) |
995bdbb1 | 158 | tunable_policy(`deny_ptrace',`',` |
159 | allow $1 smokeping_t:process ptrace; | |
160 | ') | |
f3c346cc JS |
161 | |
162 | smokeping_initrc_domtrans($1) | |
163 | domain_system_change_exemption($1) | |
164 | role_transition $2 smokeping_initrc_exec_t system_r; | |
165 | allow $2 system_r; | |
166 | ||
167 | smokeping_manage_pid_files($1) | |
168 | ||
169 | smokeping_manage_lib_files($1) | |
170 | ') |