policy/modules/services/cloudform.if

   1 ## <summary>cloudform policy</summary>
   2
   3 #######################################
   4 ## <summary>
   5 ##  Creates types and rules for a basic
   6 ##  cloudform daemon domain.
   7 ## </summary>
   8 ## <param name="prefix">
   9 ##  <summary>
  10 ##  Prefix for the domain.
  11 ##  </summary>
  12 ## </param>
  13 #
  14 template(`cloudform_domain_template',`
  15     gen_require(`
  16         attribute cloudform_domain;
  17     ')
  18
  19     type $1_t, cloudform_domain;
  20     type $1_exec_t;
  21     init_daemon_domain($1_t, $1_exec_t)
  22 ')
  23
  24 ######################################
  25 ## <summary>
  26 ##      Execute mongod in the caller domain.
  27 ## </summary>
  28 ## <param name="domain">
  29 ##      <summary>
  30 ##      Domain allowed access.
  31 ##      </summary>
  32 ## </param>
  33 #
  34 interface(`cloudform_exec_mongod',`
  35     gen_require(`
  36         type mongod_exec_t;
  37     ')
  38
  39     can_exec($1, mongod_exec_t)
  40 ')