Commit | Line | Data |
---|---|---|
9ff30033 CP |
1 | ## <summary>Zebra border gateway protocol network routing service</summary> |
2 | ||
########################################
## <summary>
##	Read the configuration files for zebra.
## </summary>
## <desc>
##	<p>
##	Read-only access: the caller may list zebra_conf_t
##	directories and read zebra_conf_t files and symbolic
##	links. No write, create or relabel permission is granted.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`zebra_read_config',`
	gen_require(`
		type zebra_conf_t;
	')

	# Path traversal through the etc directories is needed to
	# reach the zebra configuration tree.
	files_search_etc($1)
	# Directory listing only; the file rules below add read access.
	allow $1 zebra_conf_t:dir list_dir_perms;
	# NOTE(review): routing daemon configuration commonly holds
	# credentials (for example management passwords) - confirm each
	# caller really needs to read these files.
	read_files_pattern($1, zebra_conf_t, zebra_conf_t)
	read_lnk_files_pattern($1, zebra_conf_t, zebra_conf_t)
')
24 | ||
########################################
## <summary>
##	Connect to zebra over a unix stream socket.
## </summary>
## <desc>
##	<p>
##	The socket file and the directory holding it are both
##	expected to be labeled zebra_var_run_t, and the peer
##	process must run in the zebra_t domain.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`zebra_stream_connect',`
	gen_require(`
		type zebra_t, zebra_var_run_t;
	')

	# Path traversal through the pid directories to reach the socket.
	files_search_pids($1)
	# Arguments: caller, directory type, socket file type, peer domain.
	# The connection is tied to zebra_t, so a socket file with this
	# label that is owned by a process in another domain is not covered.
	stream_connect_pattern($1, zebra_var_run_t, zebra_var_run_t, zebra_t)
')
43 | ||
########################################
## <summary>
##	All of the rules required to administrate
##	a zebra environment.
## </summary>
## <desc>
##	<p>
##	This is a broad grant. The caller may signal and list
##	zebra_t processes, ptrace them unless the deny_ptrace
##	boolean is enabled, run the zebra init script, and
##	administer zebra configuration, log, temporary and
##	runtime files. The given role is additionally allowed
##	to change to system_r through the init script.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the zebra domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`zebra_admin',`
	gen_require(`
		type zebra_t, zebra_tmp_t, zebra_log_t;
		type zebra_conf_t, zebra_var_run_t, zebra_initrc_exec_t;
	')

	# Process control over the daemon: signals and ps visibility.
	allow $1 zebra_t:process signal_perms;
	ps_process_pattern($1, zebra_t)
	# The true branch is empty, so ptrace of zebra_t is granted only
	# while the deny_ptrace boolean is off. With ptrace the caller can
	# read and alter daemon memory, so treat $1 as fully trusted over
	# zebra_t whenever the boolean is disabled.
	tunable_policy(`deny_ptrace',`',`
		allow $1 zebra_t:process ptrace;
	')

	# Service control: the caller may execute the labeled init script,
	# and role $2 changes to system_r when it does. The allow rule
	# authorizes $2 to enter system_r at all, which is what the
	# role_transition depends on.
	init_labeled_script_domtrans($1, zebra_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 zebra_initrc_exec_t system_r;
	allow $2 system_r;

	# Administrative access (as defined by admin_pattern) to each class
	# of zebra file, preceded by list access on the parent directory.
	files_list_etc($1)
	admin_pattern($1, zebra_conf_t)

	# NOTE(review): admin access to zebra_log_t lets the caller alter
	# or remove daemon logs - confirm this is acceptable where those
	# logs are relied on for audit.
	logging_list_logs($1)
	admin_pattern($1, zebra_log_t)

	files_list_tmp($1)
	admin_pattern($1, zebra_tmp_t)

	files_list_pids($1)
	admin_pattern($1, zebra_var_run_t)
')