## <summary>policy for dirsrv</summary>
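########################################
## <summary>
##	Execute a domain transition to run dirsrv.
## </summary>
## <desc>
##	<p>
##	The caller may execute files labeled dirsrv_exec_t and the
##	resulting process runs in dirsrv_t. The caller is not granted
##	the access that dirsrv_t itself holds.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`dirsrv_domtrans',`
	gen_require(`
		type dirsrv_t, dirsrv_exec_t;
	')

	# Arguments: caller, entry point file type, target process domain.
	domtrans_pattern($1, dirsrv_exec_t, dirsrv_t)
')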
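########################################
## <summary>
##	Allow caller to signal dirsrv.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrv_signal',`
	gen_require(`
		type dirsrv_t;
	')

	# Only the generic signal permission is granted. sigkill, sigstop
	# and signull are separate process permissions and are not covered.
	allow $1 dirsrv_t:process signal;
')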
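########################################
## <summary>
##	Send a null signal to dirsrv.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrv_signull',`
	gen_require(`
		type dirsrv_t;
	')

	# signull covers signal 0 only: the caller can check that a dirsrv
	# process exists but cannot deliver a real signal to it.
	allow $1 dirsrv_t:process signull;
')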
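#######################################
## <summary>
##	Allow a domain to manage dirsrv logs.
## </summary>
## <desc>
##	<p>
##	The manage permission sets include create, write, rename and
##	unlink, so the caller can alter or delete directory server
##	logs. Grant this only to domains that administer or rotate
##	these logs; a domain that merely reads them does not need it.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrv_manage_log',`
	gen_require(`
		type dirsrv_var_log_t;
	')

	# Full management of the log directory tree, regular log files
	# and named pipes carrying the dirsrv log type.
	allow $1 dirsrv_var_log_t:dir manage_dir_perms;
	allow $1 dirsrv_var_log_t:file manage_file_perms;
	allow $1 dirsrv_var_log_t:fifo_file manage_fifo_file_perms;
')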
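#######################################
## <summary>
##	Allow a domain to manage dirsrv /var/lib files.
## </summary>
## <desc>
##	<p>
##	Grants create, write, rename and unlink on directories and
##	regular files labeled dirsrv_var_lib_t.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrv_manage_var_lib',`
	gen_require(`
		type dirsrv_var_lib_t;
	')

	# NOTE(review): dirsrv_var_lib_t presumably labels the server data
	# under /var/lib; confirm against the file contexts before granting
	# this to anything other than an administrative domain.
	allow $1 dirsrv_var_lib_t:dir manage_dir_perms;
	allow $1 dirsrv_var_lib_t:file manage_file_perms;
')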
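########################################
## <summary>
##	Connect to dirsrv over an unix stream socket.
## </summary>
## <desc>
##	<p>
##	This only controls which domains may reach the socket. What a
##	connected peer may do over the protocol is decided by the bind
##	and access control configuration of the server, not by this
##	interface.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrv_stream_connect',`
	gen_require(`
		type dirsrv_t, dirsrv_var_run_t;
	')

	# Search the pid directory so the socket path can be resolved.
	files_search_pids($1)
	# Arguments: caller, directory type, socket file type, server domain.
	stream_connect_pattern($1, dirsrv_var_run_t, dirsrv_var_run_t, dirsrv_t)
')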
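#######################################
## <summary>
##	Allow a domain to manage dirsrv /var/run files.
## </summary>
## <desc>
##	<p>
##	Covers directories, regular files and socket files labeled
##	dirsrv_var_run_t. Because socket files are included, the
##	caller can remove or recreate the endpoint that clients
##	connect to; grant this only to domains that start or
##	administer the server.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrv_manage_var_run',`
	gen_require(`
		type dirsrv_var_run_t;
	')

	allow $1 dirsrv_var_run_t:dir manage_dir_perms;
	allow $1 dirsrv_var_run_t:file manage_file_perms;
	# Use the permission set defined for the sock_file class rather than
	# the regular file set, so the rule tracks the right class definition.
	allow $1 dirsrv_var_run_t:sock_file manage_sock_file_perms;
')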
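######################################
## <summary>
##	Allow a domain to create dirsrv pid directories.
## </summary>
## <desc>
##	<p>
##	No file name is passed to the transition, so every directory
##	the caller creates directly in the pid directory is labeled
##	dirsrv_var_run_t. Callers that also create unrelated
##	directories there need a more specific transition.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrv_pid_filetrans',`
	gen_require(`
		type dirsrv_var_run_t;
	')

	# Allow creating a dir in /var/run with this type
	files_pid_filetrans($1, dirsrv_var_run_t, dir)
')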
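#######################################
## <summary>
##	Allow a domain to read dirsrv /var/run files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrv_read_var_run',`
	gen_require(`
		type dirsrv_var_run_t;
	')

	# Read-only: list the directories and read regular files. Socket
	# files are not covered by this interface.
	# NOTE(review): unlike dirsrv_stream_connect, no search access to
	# the parent pid directory is granted here; callers must already
	# have it from elsewhere.
	allow $1 dirsrv_var_run_t:dir list_dir_perms;
	allow $1 dirsrv_var_run_t:file read_file_perms;
')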
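########################################
## <summary>
##	Manage dirsrv configuration files.
## </summary>
## <desc>
##	<p>
##	Write access to the server configuration lets the caller
##	change how the directory server behaves the next time the
##	configuration is loaded. Treat callers of this interface as
##	administrators of the service and prefer a read-only grant
##	where that is sufficient.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrv_manage_config',`
	gen_require(`
		type dirsrv_config_t;
	')

	# Create, modify, rename and delete configuration directories
	# and regular files labeled dirsrv_config_t.
	allow $1 dirsrv_config_t:dir manage_dir_perms;
	allow $1 dirsrv_config_t:file manage_file_perms;
')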
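########################################
## <summary>
##	Read dirsrv share files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrv_read_share',`
	gen_require(`
		type dirsrv_share_t;
	')

	# Read-only access to the shared data tree.
	allow $1 dirsrv_share_t:dir list_dir_perms;
	allow $1 dirsrv_share_t:file read_file_perms;
	# Symbolic links: only the read permission is granted, getattr on
	# the link itself is not.
	allow $1 dirsrv_share_t:lnk_file read;
')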