2 ## <summary>policy for fcoemon</summary>
4 ########################################
6 ## Transition to fcoemon.
8 ## <param name="domain">
10 ## Domain allowed to transition.
14 interface(`fcoemon_domtrans',`
# Purpose: allow the caller domain (first argument) to run the fcoemon
# executable and end up in the fcoemon_t domain.
# NOTE(review): the type line below presumably sits inside a gen_require
# block whose delimiters are not visible in this listing; confirm.
16 type fcoemon_t, fcoemon_exec_t;
# Search access to the bin directories so the caller can reach the executable.
19 corecmd_search_bin($1)
# Executing a file labeled fcoemon_exec_t transitions the caller to fcoemon_t.
# After the transition the process holds every permission of fcoemon_t, so
# this interface should only be granted to domains meant to start the daemon.
20 domtrans_pattern($1, fcoemon_exec_t, fcoemon_t)
24 ########################################
26 ## Read fcoemon PID files.
28 ## <param name="domain">
30 ## Domain allowed access.
34 interface(`fcoemon_read_pid_files',`
# Purpose: give the caller domain read access to fcoemon PID files.
36 type fcoemon_var_run_t;
# Read-only permissions on regular files labeled fcoemon_var_run_t; this rule
# grants no write, create or unlink access.
# NOTE(review): no directory search rule (for example files_search_pids) is
# visible in this listing; confirm the caller can actually reach the files.
40 allow $1 fcoemon_var_run_t:file read_file_perms;
43 #######################################
45 ## Send to an fcoemon unix dgram socket.
47 ## <param name="domain">
49 ## Domain allowed access.
53 interface(`fcoemon_dgram_send',`
# Purpose: let the caller domain send datagrams to unix datagram sockets
# owned by fcoemon_t. Only the sendto permission is granted by this rule.
# NOTE(review): the type requirement for fcoemon_t and any write access to
# the socket file itself are not visible in this listing; confirm both exist,
# otherwise the interface will not work on its own.
58 allow $1 fcoemon_t:unix_dgram_socket sendto;
61 ########################################
63 ## All of the rules required to administer
64 ## an fcoemon environment.
66 ## <param name="domain">
68 ## Domain allowed access.
71 ## <param name="role">
73 ## Role allowed access.
78 interface(`fcoemon_admin',`
# Purpose: bundle the rules an administrative domain (first argument) needs
# to manage the fcoemon daemon and its runtime files.
# NOTE(review): the header documents a role parameter, but no visible rule
# uses the second argument; confirm whether it is intentionally unused.
# NOTE(review): fcoemon_t is used below but only fcoemon_var_run_t appears in
# the visible type requirement; the fcoemon_t requirement may be on a line
# missing from this listing.
81 type fcoemon_var_run_t;
# Signal permissions over fcoemon_t processes.
84 allow $1 fcoemon_t:process signal_perms;
# Lets the caller read process state of fcoemon_t, as needed by ps.
85 ps_process_pattern($1, fcoemon_t)
# The branch taken when deny_ptrace is enabled is empty, so the ptrace rule
# applies only while the deny_ptrace boolean is off. ptrace lets the admin
# domain read and modify the daemon memory, which is the strongest permission
# in this interface; keeping deny_ptrace enabled removes it.
86 tunable_policy(`deny_ptrace',`',`
87 allow $1 fcoemon_t:process ptrace;
# Administrative access to objects labeled fcoemon_var_run_t. This is much
# broader than the read-only PID file interface.
91 admin_pattern($1, fcoemon_var_run_t)